thumbgate 1.4.3 → 1.4.5

package/scripts/daily-digest.js

@@ -1,11 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-const { generateOrgDashboard } = require('./org-dashboard');
-const { deliver } = require('./webhook-delivery');
-const { getMeteredUsageSummary, MINUTES_SAVED_PER_BLOCK } = require('./metered-billing');
-const { createSchedule } = require('./schedule-manager');
-function formatDailyDigest(d) { const title = `ThumbGate Daily Digest — ${new Date().toISOString().slice(0, 10)}`; const lines = [`Agents: ${d.activeAgents} active / ${d.totalAgents} total`, `Tool calls: ${d.totalToolCalls}`, `Blocked: ${d.totalBlocked} | Warned: ${d.totalWarned} | Allowed: ${d.totalAllowed}`, `Adherence: ${d.orgAdherenceRate}%`]; if (d.totalBlocked > 0) { lines.push(`Hours saved: ~${Math.round(d.totalBlocked * MINUTES_SAVED_PER_BLOCK / 60 * 10) / 10}h (${d.totalBlocked} mistakes blocked)`); } if (d.topBlockedGates && d.topBlockedGates.length > 0) { lines.push('', 'Top blocked gates:'); for (const g of d.topBlockedGates.slice(0, 3)) lines.push(`  - ${g.gateId}: ${g.blocked} blocked, ${g.warned} warned`); } if (d.riskAgents && d.riskAgents.length > 0) { lines.push('', 'Risk agents (low adherence):'); for (const a of d.riskAgents.slice(0, 3)) lines.push(`  - ${a.id}: ${a.adherenceRate}% adherence (${a.toolCalls} calls)`); } return { title, message: lines.join('\n') }; }
-async function sendDailyDigest({ platform, webhookUrl, windowHours = 24 }) { const db = generateOrgDashboard({ windowHours, proOverride: true }); const { title, message } = formatDailyDigest(db); const delivery = await deliver(platform, webhookUrl, title, message); return { title, message, delivery }; }
-function createDailyDigestSchedule({ platform, webhookUrl, time = '9:00' }) { const cmd = [`const d = require(${JSON.stringify(__filename)});`, `d.sendDailyDigest(${JSON.stringify({ platform, webhookUrl })})`, '.then(r => { process.stdout.write(JSON.stringify(r, null, 2) + "\\n"); })', '.catch(e => { process.stderr.write(e.message + "\\n"); process.exit(1); });'].join(' '); return createSchedule({ id: 'thumbgate-daily-digest', name: 'ThumbGate Daily Digest', description: `Daily ${platform} digest at ${time}`, schedule: `daily ${time}`, command: cmd }); }
-function generateWeeklyStatsPost({ periodDays = 7 } = {}) { const u = getMeteredUsageSummary({ periodDays }); const db = generateOrgDashboard({ windowHours: periodDays * 24, proOverride: true }); const stats = { blockedCount: u.blockedCount, warnedCount: u.warnedCount, hoursSaved: u.hoursSaved, activeAgents: db.activeAgents, adherenceRate: db.orgAdherenceRate, topGate: db.topBlockedGates.length > 0 ? db.topBlockedGates[0].gateId : null }; const lines = [`This week ThumbGate blocked ${stats.blockedCount} mistakes, saving ~${stats.hoursSaved} hours.`]; if (stats.activeAgents > 0) lines.push(`${stats.activeAgents} agents running at ${stats.adherenceRate}% adherence.`); if (stats.warnedCount > 0) lines.push(`${stats.warnedCount} additional warnings surfaced before they became errors.`); if (stats.topGate) lines.push(`Most active gate: ${stats.topGate}`); lines.push('', 'Pre-action gates > post-mortem fixes.'); return { post: lines.join('\n'), stats }; }
-module.exports = { formatDailyDigest, sendDailyDigest, createDailyDigestSchedule, generateWeeklyStatsPost };

package/scripts/data-governance.js

@@ -1,173 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-/**
- * Data Governance — GitHub Copilot-inspired interaction data preferences.
- *
- * Controls what feedback data can be exported, shared, or used for training.
- * Integrates with PII scanner and DPO export gate to enforce user preferences.
- * Local-first: preferences stored on disk, nothing phones home without consent.
- */
-
-const fs = require('fs');
-const path = require('path');
-const { scanForPii, redactPii, gateDpoExport } = require('./pii-scanner');
-const { resolveFeedbackDir } = require('./feedback-paths');
-
-const PREFERENCES_FILE = 'data-usage-preferences.json';
-
-const DEFAULT_PREFERENCES = {
-  version: 1,
-  allowDpoExport: true,
-  allowSlowLoopTraining: true,
-  allowOrgDashboardSharing: true,
-  allowFeedbackCollection: true,
-  piiRedactionEnabled: true,
-  maxExportSensitivity: 'internal',
-  retentionDays: 90,
-  updatedAt: null,
-};
-
-function getPreferencesPath() {
-  return path.join(resolveFeedbackDir(), PREFERENCES_FILE);
-}
-
-function loadPreferences() {
-  const p = getPreferencesPath();
-  if (!fs.existsSync(p)) return { ...DEFAULT_PREFERENCES };
-  try {
-    const stored = JSON.parse(fs.readFileSync(p, 'utf-8'));
-    return { ...DEFAULT_PREFERENCES, ...stored };
-  } catch { return { ...DEFAULT_PREFERENCES }; }
-}
-
-function savePreferences(prefs) {
-  const p = getPreferencesPath();
-  const dir = path.dirname(p);
-  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
-  const merged = { ...DEFAULT_PREFERENCES, ...prefs, updatedAt: new Date().toISOString() };
-  fs.writeFileSync(p, JSON.stringify(merged, null, 2) + '\n');
-  return merged;
-}
-
-function updatePreference(key, value) {
-  if (!(key in DEFAULT_PREFERENCES)) throw new Error(`Unknown preference: "${key}". Valid: ${Object.keys(DEFAULT_PREFERENCES).join(', ')}`);
-  if (key === 'version') throw new Error('Cannot modify version field');
-  const prefs = loadPreferences();
-  prefs[key] = value;
-  return savePreferences(prefs);
-}
-
-/**
- * Check if a specific data operation is allowed by current preferences.
- */
-function isOperationAllowed(operation) {
-  const prefs = loadPreferences();
-  switch (operation) {
-    case 'dpo_export': return prefs.allowDpoExport;
-    case 'slow_loop': return prefs.allowSlowLoopTraining;
-    case 'org_dashboard': return prefs.allowOrgDashboardSharing;
-    case 'feedback_capture': return prefs.allowFeedbackCollection;
-    default: return true;
-  }
-}
-
-/**
- * Apply governance policies to a DPO export: check preferences, scan PII, gate output.
- * Returns { allowed, pairs, blocked, reason, piiStats }.
- */
-function governedDpoExport(pairs) {
-  const prefs = loadPreferences();
-  if (!prefs.allowDpoExport) {
-    return { allowed: false, pairs: [], blocked: pairs.length, reason: 'DPO export disabled by user preference', piiStats: null };
-  }
-  const gateResult = gateDpoExport(pairs, { maxSensitivity: prefs.maxExportSensitivity });
-  let safePairs = gateResult.safePairs;
-  if (prefs.piiRedactionEnabled) {
-    safePairs = safePairs.map((p) => ({
-      prompt: redactPii(p.prompt),
-      chosen: redactPii(p.chosen),
-      rejected: redactPii(p.rejected),
-    }));
-  }
-  return {
-    allowed: true,
-    pairs: safePairs,
-    blocked: gateResult.blockedCount,
-    totalScanned: gateResult.totalScanned,
-    passRate: gateResult.passRate,
-    reason: gateResult.blockedCount > 0 ? `${gateResult.blockedCount} pairs blocked by PII gate` : 'all pairs clean',
-    piiStats: { blockedCount: gateResult.blockedCount, redactionEnabled: prefs.piiRedactionEnabled, maxSensitivity: prefs.maxExportSensitivity },
-  };
-}
-
-/**
- * Apply retention policy: delete feedback entries older than retentionDays.
- * Returns count of entries purged.
- */
-function enforceRetention() {
-  const prefs = loadPreferences();
-  const feedbackDir = resolveFeedbackDir();
-  const logPath = path.join(feedbackDir, 'feedback-log.jsonl');
-  if (!fs.existsSync(logPath)) return { purged: 0, remaining: 0 };
-
-  const cutoff = Date.now() - prefs.retentionDays * 24 * 60 * 60 * 1000;
-  const raw = fs.readFileSync(logPath, 'utf-8').trim();
-  if (!raw) return { purged: 0, remaining: 0 };
-
-  const lines = raw.split('\n');
-  const kept = [];
-  let purged = 0;
-
-  for (const line of lines) {
-    try {
-      const entry = JSON.parse(line);
-      const ts = new Date(entry.timestamp || entry.createdAt || 0).getTime();
-      if (ts > cutoff) { kept.push(line); } else { purged++; }
-    } catch { kept.push(line); }
-  }
-
-  fs.writeFileSync(logPath, kept.join('\n') + (kept.length > 0 ? '\n' : ''));
-  return { purged, remaining: kept.length, retentionDays: prefs.retentionDays };
-}
-
-/**
- * Generate a human-readable data usage summary for compliance.
- */
-function generateDataUsageSummary() {
-  const prefs = loadPreferences();
-  const feedbackDir = process.env.THUMBGATE_FEEDBACK_DIR || path.join(process.cwd(), '.thumbgate');
-  const logPath = path.join(feedbackDir, 'feedback-log.jsonl');
-  let entryCount = 0;
-  if (fs.existsSync(logPath)) {
-    const raw = fs.readFileSync(logPath, 'utf-8').trim();
-    entryCount = raw ? raw.split('\n').length : 0;
-  }
-
-  return {
-    dataStorageLocation: 'local-only (on-device)',
-    phonesHome: false,
-    feedbackEntries: entryCount,
-    preferences: {
-      dpoExport: prefs.allowDpoExport ? 'enabled' : 'disabled',
-      slowLoopTraining: prefs.allowSlowLoopTraining ? 'enabled' : 'disabled',
-      orgDashboardSharing: prefs.allowOrgDashboardSharing ? 'enabled' : 'disabled',
-      piiRedaction: prefs.piiRedactionEnabled ? 'enabled' : 'disabled',
-      maxExportSensitivity: prefs.maxExportSensitivity,
-      retentionDays: prefs.retentionDays,
-    },
-    compliance: {
-      localFirst: true,
-      piiScanning: prefs.piiRedactionEnabled,
-      dataRetention: `${prefs.retentionDays} days`,
-      exportGating: prefs.allowDpoExport ? `PII gate at ${prefs.maxExportSensitivity} threshold` : 'exports disabled',
-    },
-    generatedAt: new Date().toISOString(),
-  };
-}
-
-module.exports = {
-  DEFAULT_PREFERENCES, loadPreferences, savePreferences, updatePreference,
-  isOperationAllowed, governedDpoExport, enforceRetention, generateDataUsageSummary,
-  getPreferencesPath,
-};

package/scripts/deploy-gcp.sh

@@ -1,44 +0,0 @@
-#!/bin/bash
-# GSD: Deploy ThumbGate Control Plane to Google Cloud Run
-
-set -euo pipefail
-
-PROJECT_ID=$(gcloud config get-value project)
-SERVICE_NAME="thumbgate-control-plane"
-REGION="us-central1"
-
-: "${THUMBGATE_API_KEY:?THUMBGATE_API_KEY is required}"
-: "${THUMBGATE_API_KEY_ROTATED_AT:?THUMBGATE_API_KEY_ROTATED_AT is required}"
-: "${STRIPE_SECRET_KEY:?STRIPE_SECRET_KEY is required}"
-: "${STRIPE_SECRET_KEY_ROTATED_AT:?STRIPE_SECRET_KEY_ROTATED_AT is required}"
-: "${STRIPE_WEBHOOK_SECRET:?STRIPE_WEBHOOK_SECRET is required}"
-: "${STRIPE_WEBHOOK_SECRET_ROTATED_AT:?STRIPE_WEBHOOK_SECRET_ROTATED_AT is required}"
-: "${THUMBGATE_PUBLIC_APP_ORIGIN:?THUMBGATE_PUBLIC_APP_ORIGIN is required}"
-: "${THUMBGATE_BILLING_API_BASE_URL:?THUMBGATE_BILLING_API_BASE_URL is required}"
-
-THUMBGATE_FEEDBACK_DIR="${THUMBGATE_FEEDBACK_DIR:-/data/feedback}"
-THUMBGATE_GA_MEASUREMENT_ID="${THUMBGATE_GA_MEASUREMENT_ID:-}"
-THUMBGATE_GOOGLE_SITE_VERIFICATION="${THUMBGATE_GOOGLE_SITE_VERIFICATION:-}"
-
-node scripts/deploy-policy.js --profiles=runtime,billing
-
-echo "🚀 Deploying Agentic Control Plane to $REGION..."
-
-gcloud builds submit --tag gcr.io/$PROJECT_ID/$SERVICE_NAME
-gcloud run deploy $SERVICE_NAME \
-  --image gcr.io/$PROJECT_ID/$SERVICE_NAME \
-  --platform managed \
-  --region $REGION \
-  --allow-unauthenticated \
-  --set-env-vars \
-THUMBGATE_API_KEY="$THUMBGATE_API_KEY",\
-STRIPE_SECRET_KEY="$STRIPE_SECRET_KEY",\
-STRIPE_WEBHOOK_SECRET="$STRIPE_WEBHOOK_SECRET",\
-THUMBGATE_PUBLIC_APP_ORIGIN="$THUMBGATE_PUBLIC_APP_ORIGIN",\
-THUMBGATE_BILLING_API_BASE_URL="$THUMBGATE_BILLING_API_BASE_URL",\
-THUMBGATE_FEEDBACK_DIR="$THUMBGATE_FEEDBACK_DIR",\
-THUMBGATE_GA_MEASUREMENT_ID="$THUMBGATE_GA_MEASUREMENT_ID",\
-THUMBGATE_GOOGLE_SITE_VERIFICATION="$THUMBGATE_GOOGLE_SITE_VERIFICATION"
-
-echo "✅ Success! Your Control Plane is live."
-gcloud run services describe $SERVICE_NAME --region $REGION --format='value(status.url)'

package/scripts/deploy-policy.js

@@ -1,249 +0,0 @@
-#!/usr/bin/env node
-'use strict';
-
-const { DEFAULT_PUBLIC_APP_ORIGIN, normalizeOrigin } = require('./hosted-config');
-
-const SECRET_POLICY = {
-  THUMBGATE_API_KEY: { rotatedAtEnv: 'THUMBGATE_API_KEY_ROTATED_AT', maxAgeDays: 30 },
-  STRIPE_SECRET_KEY: { rotatedAtEnv: 'STRIPE_SECRET_KEY_ROTATED_AT', maxAgeDays: 30 },
-  STRIPE_WEBHOOK_SECRET: { rotatedAtEnv: 'STRIPE_WEBHOOK_SECRET_ROTATED_AT', maxAgeDays: 30 },
-  RAILWAY_TOKEN: { rotatedAtEnv: 'RAILWAY_TOKEN_ROTATED_AT', maxAgeDays: 90 },
-  GITHUB_MARKETPLACE_WEBHOOK_SECRET: {
-    rotatedAtEnv: 'GITHUB_MARKETPLACE_WEBHOOK_SECRET_ROTATED_AT',
-    maxAgeDays: 90,
-  },
-};
-
-const PROFILE_DEFS = {
-  runtime: {
-    requiredSecrets: ['THUMBGATE_API_KEY'],
-    requiredVars: [],
-  },
-  billing: {
-    requiredSecrets: ['STRIPE_SECRET_KEY', 'STRIPE_WEBHOOK_SECRET'],
-    requiredVars: ['THUMBGATE_PUBLIC_APP_ORIGIN', 'THUMBGATE_BILLING_API_BASE_URL'],
-  },
-  deploy: {
-    requiredSecrets: ['RAILWAY_TOKEN'],
-    requiredVars: [
-      'RAILWAY_PROJECT_ID',
-      'RAILWAY_ENVIRONMENT_ID',
-      'RAILWAY_HEALTHCHECK_URL',
-      'THUMBGATE_PUBLIC_APP_ORIGIN',
-      'THUMBGATE_BILLING_API_BASE_URL',
-    ],
-  },
-  github_marketplace: {
-    requiredSecrets: ['GITHUB_MARKETPLACE_WEBHOOK_SECRET'],
-    requiredVars: [],
-  },
-};
-
-function resolveEnvValue(name, env = process.env) {
-  const value = String(env[name] || '').trim();
-  if (value) {
-    return value;
-  }
-
-  if (name === 'THUMBGATE_PUBLIC_APP_ORIGIN') {
-    return DEFAULT_PUBLIC_APP_ORIGIN;
-  }
-
-  if (name === 'THUMBGATE_BILLING_API_BASE_URL') {
-    return resolveEnvValue('THUMBGATE_PUBLIC_APP_ORIGIN', env);
-  }
-
-  return '';
-}
-
-function parseTimestamp(value) {
-  if (!value || typeof value !== 'string') {
-    return null;
-  }
-  const parsed = new Date(value);
-  if (Number.isNaN(parsed.getTime())) {
-    return null;
-  }
-  return parsed;
-}
-
-function getAgeDays(timestamp, now = new Date()) {
-  return Math.floor((now.getTime() - timestamp.getTime()) / 86_400_000);
-}
-
-function isAbsoluteHttpUrl(value) {
-  if (!value || typeof value !== 'string') {
-    return false;
-  }
-  try {
-    const parsed = new URL(value);
-    return /^https?:$/.test(parsed.protocol);
-  } catch {
-    return false;
-  }
-}
-
-function normalizeProfiles(profiles) {
-  const unique = new Set();
-  for (const profile of profiles || []) {
-    const trimmed = String(profile || '').trim();
-    if (!trimmed) {
-      continue;
-    }
-    if (!PROFILE_DEFS[trimmed]) {
-      throw new Error(`Unknown deploy policy profile: ${trimmed}`);
-    }
-    unique.add(trimmed);
-  }
-  return Array.from(unique);
-}
-
-function collectRequiredItems(profiles, key) {
-  const items = new Set();
-  for (const profile of profiles) {
-    for (const value of PROFILE_DEFS[profile][key]) {
-      items.add(value);
-    }
-  }
-  return Array.from(items);
-}
-
-function evaluateDeployPolicy(env = process.env, { profiles = ['runtime'], now = new Date() } = {}) {
-  const selectedProfiles = normalizeProfiles(profiles);
-  const requiredSecrets = collectRequiredItems(selectedProfiles, 'requiredSecrets');
-  const requiredVars = collectRequiredItems(selectedProfiles, 'requiredVars');
-  const errors = [];
-
-  for (const name of requiredVars) {
-    const value = resolveEnvValue(name, env);
-    if (!value) {
-      errors.push({ type: 'missing_variable', name, message: `${name} is required` });
-      continue;
-    }
-
-    if ((name.endsWith('_ORIGIN') || name.endsWith('_BASE_URL')) && !normalizeOrigin(value)) {
-      errors.push({ type: 'invalid_origin', name, message: `${name} must be an absolute http(s) origin` });
-    }
-
-    if (name === 'RAILWAY_HEALTHCHECK_URL' && !isAbsoluteHttpUrl(value)) {
-      errors.push({ type: 'invalid_url', name, message: `${name} must be an absolute http(s) URL` });
-    }
-  }
-
-  for (const name of requiredSecrets) {
-    const secretValue = resolveEnvValue(name, env);
-    if (!secretValue.trim()) {
-      errors.push({ type: 'missing_secret', name, message: `${name} is required` });
-      continue;
-    }
-
-    const policy = SECRET_POLICY[name];
-    if (!policy) {
-      continue;
-    }
-
-    const rotatedAtRaw = resolveEnvValue(policy.rotatedAtEnv, env);
-    if (!rotatedAtRaw) {
-      errors.push({
-        type: 'missing_rotation_timestamp',
-        name: policy.rotatedAtEnv,
-        message: `${policy.rotatedAtEnv} is required for ${name}`,
-      });
-      continue;
-    }
-
-    const rotatedAt = parseTimestamp(rotatedAtRaw);
-    if (!rotatedAt) {
-      errors.push({
-        type: 'invalid_rotation_timestamp',
-        name: policy.rotatedAtEnv,
-        message: `${policy.rotatedAtEnv} must be a valid ISO timestamp`,
-      });
-      continue;
-    }
-
-    const ageDays = getAgeDays(rotatedAt, now);
-    if (ageDays < 0) {
-      errors.push({
-        type: 'future_rotation_timestamp',
-        name: policy.rotatedAtEnv,
-        message: `${policy.rotatedAtEnv} cannot be in the future`,
-      });
-      continue;
-    }
-
-    if (ageDays > policy.maxAgeDays) {
-      errors.push({
-        type: 'stale_secret',
-        name,
-        message: `${name} is stale (${ageDays}d old, max ${policy.maxAgeDays}d)`,
-      });
-    }
-  }
-
-  return {
-    ok: errors.length === 0,
-    checkedAt: now.toISOString(),
-    profiles: selectedProfiles,
-    requiredSecrets,
-    requiredVars,
-    errors,
-  };
-}
-
-function formatReport(report) {
-  const lines = [];
-  lines.push(`Deploy Policy Check @ ${report.checkedAt}`);
-  lines.push(`Profiles: ${report.profiles.join(', ') || 'none'}`);
-  lines.push(`Result: ${report.ok ? 'PASS' : 'FAIL'}`);
-  lines.push(`Secrets checked: ${report.requiredSecrets.length}`);
-  lines.push(`Variables checked: ${report.requiredVars.length}`);
-  if (report.errors.length) {
-    lines.push('');
-    for (const error of report.errors) {
-      lines.push(`- ${error.message}`);
-    }
-  }
-  return `${lines.join('\n')}\n`;
-}
-
-function parseArgs(argv) {
-  const args = new Set(argv);
-  const profileArg = argv.find((value) => value.startsWith('--profiles='));
-  const profiles = profileArg
-    ? profileArg.slice('--profiles='.length).split(',').map((value) => value.trim()).filter(Boolean)
-    : ['runtime', 'billing', 'deploy'];
-  return {
-    json: args.has('--json'),
-    profiles,
-  };
-}
-
-function runCli(argv = process.argv.slice(2)) {
-  const options = parseArgs(argv);
-  const report = evaluateDeployPolicy(process.env, { profiles: options.profiles });
-
-  if (options.json) {
-    process.stdout.write(`${JSON.stringify(report, null, 2)}\n`);
-  } else {
-    process.stdout.write(formatReport(report));
-  }
-
-  if (!report.ok) {
-    process.exit(1);
-  }
-}
-
-module.exports = {
-  SECRET_POLICY,
-  PROFILE_DEFS,
-  parseTimestamp,
-  getAgeDays,
-  resolveEnvValue,
-  evaluateDeployPolicy,
-  formatReport,
-};
-
-if (require.main === module) {
-  runCli();
-}