thumbgate 1.5.8 → 1.7.0

package/scripts/dashboard.js

@@ -26,6 +26,7 @@ const { computeDecisionMetrics } = require('./decision-journal');
 const PROJECT_ROOT = path.join(__dirname, '..');
 const DEFAULT_GATES_PATH = path.join(PROJECT_ROOT, 'config', 'gates', 'default.json');
 const LANDING_PAGE_PATH = path.join(PROJECT_ROOT, 'public', 'index.html');
+const DASHBOARD_REVIEW_STATE_FILE = 'dashboard-review-state.json';
 
 // ---------------------------------------------------------------------------
 // Data readers
@@ -72,6 +73,225 @@ function toLocalDayKey(value) {
   return `${year}-${month}-${day}`;
 }
 
+function getDashboardReviewStatePath(feedbackDir) {
+  return path.join(feedbackDir, DASHBOARD_REVIEW_STATE_FILE);
+}
+
+function inferProjectRootFromFeedbackDir(feedbackDir) {
+  if (!feedbackDir) return null;
+  const resolved = path.resolve(feedbackDir);
+  return path.basename(resolved) === '.thumbgate' ? path.dirname(resolved) : null;
+}
+
+function resolveGitDir(projectRoot) {
+  const gitPath = path.join(projectRoot, '.git');
+  if (!fs.existsSync(gitPath)) return null;
+  const stat = fs.statSync(gitPath);
+  if (stat.isDirectory()) return gitPath;
+  // Worktree / submodule: .git is a file like "gitdir: /path/to/real/gitdir".
+  // Parse with startsWith+slice — no regex, so no ReDoS surface (S5852).
+  if (stat.isFile()) {
+    const contents = fs.readFileSync(gitPath, 'utf8').trim();
+    const prefix = 'gitdir:';
+    if (!contents.startsWith(prefix)) return null;
+    const target = contents.slice(prefix.length).trim();
+    if (!target) return null;
+    const resolved = path.isAbsolute(target)
+      ? target
+      : path.resolve(projectRoot, target);
+    return fs.existsSync(resolved) ? resolved : null;
+  }
+  return null;
+}
+
+function readGitHead(projectRoot) {
+  if (!projectRoot) return null;
+  const gitDir = resolveGitDir(projectRoot);
+  if (!gitDir) return null;
+  try {
+    // Read .git/HEAD directly instead of spawning `git rev-parse HEAD`.
+    // Avoids S4036 (PATH-resolved binary) and is faster: no subprocess.
+    const head = fs.readFileSync(path.join(gitDir, 'HEAD'), 'utf8').trim();
+    if (!head) return null;
+    // Detached HEAD: the file contains the raw SHA.
+    if (/^[0-9a-f]{40}$/i.test(head)) return head;
+    // Symbolic ref: "ref: refs/heads/<branch>" — resolve the ref file.
+    // Parse with startsWith+slice — no regex, so no ReDoS surface (S5852).
+    const refPrefix = 'ref:';
+    if (!head.startsWith(refPrefix)) return null;
+    const refName = head.slice(refPrefix.length).trim();
+    if (!refName) return null;
+    // For worktrees, the commondir points to the main .git. Refs may live
+    // there rather than in the per-worktree gitdir.
+    const commonDirFile = path.join(gitDir, 'commondir');
+    let commonDir = gitDir;
+    if (fs.existsSync(commonDirFile)) {
+      const rel = fs.readFileSync(commonDirFile, 'utf8').trim();
+      commonDir = path.isAbsolute(rel) ? rel : path.resolve(gitDir, rel);
+    }
+    for (const base of [gitDir, commonDir]) {
+      const refPath = path.join(base, refName);
+      if (fs.existsSync(refPath)) {
+        const sha = fs.readFileSync(refPath, 'utf8').trim();
+        if (/^[0-9a-f]{40}$/i.test(sha)) return sha;
+      }
+    }
+    // Packed refs fallback.
+    const packed = path.join(commonDir, 'packed-refs');
+    if (!fs.existsSync(packed)) return null;
+    const lines = fs.readFileSync(packed, 'utf8').split(/\r?\n/);
+    for (const line of lines) {
+      if (line.startsWith('#') || line.startsWith('^')) continue;
+      const [sha, ref] = line.split(/\s+/);
+      if (ref === refName && /^[0-9a-f]{40}$/i.test(sha)) return sha;
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
+function findLatestTimestamp(entries) {
+  return entries.reduce((latest, entry) => {
+    const timestamp = normalizeText(entry && entry.timestamp);
+    if (!timestamp) return latest;
+    if (!latest) return timestamp;
+    return new Date(timestamp).getTime() > new Date(latest).getTime() ? timestamp : latest;
+  }, null);
+}
+
+function buildReviewSnapshot(feedbackDir, options = {}) {
+  const feedbackEntries = Array.isArray(options.feedbackEntries)
+    ? options.feedbackEntries
+    : readJSONL(path.join(feedbackDir, 'feedback-log.jsonl'));
+  const memoryEntries = Array.isArray(options.memoryEntries)
+    ? options.memoryEntries
+    : readJSONL(path.join(feedbackDir, 'memory-log.jsonl'));
+  const auditEntries = Array.isArray(options.auditEntries)
+    ? options.auditEntries
+    : readJSONL(path.join(feedbackDir, AUDIT_LOG_FILENAME));
+  const projectRoot = options.projectRoot === undefined
+    ? inferProjectRootFromFeedbackDir(feedbackDir)
+    : options.projectRoot;
+
+  return {
+    reviewedAt: options.reviewedAt || new Date().toISOString(),
+    feedbackCount: feedbackEntries.length,
+    positiveCount: feedbackEntries.filter((entry) => entry.signal === 'positive').length,
+    negativeCount: feedbackEntries.filter((entry) => entry.signal === 'negative').length,
+    lessonCount: memoryEntries.length,
+    blockedCount: auditEntries.filter((entry) => entry && entry.decision === 'deny').length,
+    warnedCount: auditEntries.filter((entry) => entry && entry.decision === 'warn').length,
+    latestFeedbackAt: findLatestTimestamp(feedbackEntries),
+    latestLessonAt: findLatestTimestamp(memoryEntries),
+    gitHead: readGitHead(projectRoot),
+  };
+}
+
+function readDashboardReviewState(feedbackDir) {
+  return readJsonFile(getDashboardReviewStatePath(feedbackDir));
+}
+
+function writeDashboardReviewState(feedbackDir, snapshot) {
+  fs.mkdirSync(feedbackDir, { recursive: true });
+  fs.writeFileSync(getDashboardReviewStatePath(feedbackDir), `${JSON.stringify(snapshot, null, 2)}\n`);
+  return snapshot;
+}
+
+function selectLatestRecord(entries, mapper) {
+  let latest = null;
+  let latestTime = -Infinity;
+  for (const entry of entries) {
+    const timestamp = normalizeText(entry && entry.timestamp);
+    if (!timestamp) continue;
+    const currentTime = new Date(timestamp).getTime();
+    if (Number.isNaN(currentTime) || currentTime < latestTime) continue;
+    latest = mapper(entry);
+    latestTime = currentTime;
+  }
+  return latest;
+}
+
+function summarizeReviewDelta(feedbackEntries, memoryEntries, auditEntries, baseline, currentSnapshot) {
+  const noBaselineSummary = {
+    hasBaseline: false,
+    reviewedAt: null,
+    previousHead: null,
+    currentHead: currentSnapshot.gitHead || null,
+    feedbackAdded: feedbackEntries.length,
+    negativeAdded: feedbackEntries.filter((entry) => entry.signal === 'negative').length,
+    lessonsAdded: memoryEntries.length,
+    blocksAdded: auditEntries.filter((entry) => entry && entry.decision === 'deny').length,
+    warnsAdded: auditEntries.filter((entry) => entry && entry.decision === 'warn').length,
+    headline: 'No review checkpoint yet. Mark the current dashboard as reviewed to start seeing only new changes.',
+    latestFeedback: selectLatestRecord(feedbackEntries, (entry) => ({
+      title: pickFirstText(entry.title, entry.context, entry.whatWentWrong, entry.whatWorked) || 'Feedback event',
+      timestamp: entry.timestamp,
+      signal: entry.signal || null,
+    })),
+    latestLesson: selectLatestRecord(memoryEntries, (entry) => ({
+      title: pickFirstText(entry.title, entry.content) || 'Lesson event',
+      timestamp: entry.timestamp,
+      category: entry.category || null,
+    })),
+  };
+
+  if (!baseline || !baseline.reviewedAt) return noBaselineSummary;
+
+  const reviewedAtMs = new Date(baseline.reviewedAt).getTime();
+  if (!Number.isFinite(reviewedAtMs)) return noBaselineSummary;
+
+  const isAfterBaseline = (entry) => {
+    const timestamp = entry && entry.timestamp ? new Date(entry.timestamp).getTime() : NaN;
+    return Number.isFinite(timestamp) && timestamp > reviewedAtMs;
+  };
+  const newFeedback = feedbackEntries.filter(isAfterBaseline);
+  const newLessons = memoryEntries.filter(isAfterBaseline);
+  const newAudit = auditEntries.filter(isAfterBaseline);
+  const reviewFeedback = newFeedback.some((entry) => entry.signal === 'negative')
+    ? newFeedback.filter((entry) => entry.signal === 'negative')
+    : newFeedback;
+  const feedbackAdded = newFeedback.length;
+  const negativeAdded = newFeedback.filter((entry) => entry.signal === 'negative').length;
+  const lessonsAdded = newLessons.length;
+  const blocksAdded = newAudit.filter((entry) => entry && entry.decision === 'deny').length;
+  const warnsAdded = newAudit.filter((entry) => entry && entry.decision === 'warn').length;
+  let headline = 'No new review activity since your last checkpoint.';
+
+  if (feedbackAdded || lessonsAdded || blocksAdded || warnsAdded) {
+    const parts = [];
+    if (feedbackAdded) parts.push(`${feedbackAdded} feedback event${feedbackAdded === 1 ? '' : 's'}`);
+    if (negativeAdded) parts.push(`${negativeAdded} negative`);
+    if (lessonsAdded) parts.push(`${lessonsAdded} lesson${lessonsAdded === 1 ? '' : 's'}`);
+    if (blocksAdded) parts.push(`${blocksAdded} gate block${blocksAdded === 1 ? '' : 's'}`);
+    if (warnsAdded) parts.push(`${warnsAdded} warning${warnsAdded === 1 ? '' : 's'}`);
+    headline = `Since your last review: ${parts.join(' · ')}.`;
+  }
+
+  return {
+    hasBaseline: true,
+    reviewedAt: baseline.reviewedAt,
+    previousHead: baseline.gitHead || null,
+    currentHead: currentSnapshot.gitHead || null,
+    feedbackAdded,
+    negativeAdded,
+    lessonsAdded,
+    blocksAdded,
+    warnsAdded,
+    headline,
+    latestFeedback: selectLatestRecord(reviewFeedback, (entry) => ({
+      title: pickFirstText(entry.title, entry.context, entry.whatWentWrong, entry.whatWorked) || 'Feedback event',
+      timestamp: entry.timestamp,
+      signal: entry.signal || null,
+    })),
+    latestLesson: selectLatestRecord(newLessons, (entry) => ({
+      title: pickFirstText(entry.title, entry.content) || 'Lesson event',
+      timestamp: entry.timestamp,
+      category: entry.category || null,
+    })),
+  };
+}
+
 // ---------------------------------------------------------------------------
 // Approval rate + trend
 // ---------------------------------------------------------------------------
@@ -904,6 +1124,17 @@ function generateDashboard(feedbackDir, options = {}) {
   const diagnosticLogPath = path.join(feedbackDir, 'diagnostic-log.jsonl');
   const entries = collectAllFeedbackEntries(feedbackDir);
   const diagnosticEntries = readJSONL(diagnosticLogPath);
+  const memoryEntries = readJSONL(path.join(feedbackDir, 'memory-log.jsonl'));
+  const auditEntries = readJSONL(path.join(feedbackDir, AUDIT_LOG_FILENAME));
+  const reviewBaseline = options.reviewBaseline === undefined
+    ? readDashboardReviewState(feedbackDir)
+    : options.reviewBaseline;
+  const reviewSnapshot = buildReviewSnapshot(feedbackDir, {
+    feedbackEntries: entries,
+    memoryEntries,
+    auditEntries,
+    reviewedAt: options.now || new Date().toISOString(),
+  });
   const billingSummary = options.billingSummary || getBillingSummary(analyticsWindow);
 
   const approval = computeApprovalStats(entries);
@@ -1000,6 +1231,7 @@ function generateDashboard(feedbackDir, options = {}) {
     gateStats,
     team,
   });
+  const reviewDelta = summarizeReviewDelta(entries, memoryEntries, auditEntries, reviewBaseline, reviewSnapshot);
 
   return {
     operational: {
@@ -1029,6 +1261,7 @@ function generateDashboard(feedbackDir, options = {}) {
     templateLibrary,
     liveMetrics,
     predictive,
+    reviewDelta,
     feedbackTimeSeries,
     tokenSavings,
     lessonPipeline: {
@@ -1300,6 +1533,9 @@ function printDashboard(data) {
 
 module.exports = {
   generateDashboard,
+  buildReviewSnapshot,
+  readDashboardReviewState,
+  writeDashboardReviewState,
   printDashboard,
   computeApprovalStats,
   computeDecisionMetrics,

package/scripts/feedback-loop.js

@@ -1265,6 +1265,8 @@ function captureFeedback(params) {
     feedbackSession = openSession(feedbackEvent.id, signal, inferredContext);
   } catch (_err) { /* non-critical */ }
 
+  const correctiveActionsReminder = buildCorrectiveActionsReminder(correctiveActions);
+
   // Build result immediately — all remaining side-effects are deferred
   const result = {
     accepted: true,
@@ -1274,6 +1276,10 @@ function captureFeedback(params) {
     memoryRecord,
     _captureMs,
     ...(correctiveActions.length > 0 && { correctiveActions }),
+    ...(correctiveActionsReminder && {
+      systemReminder: correctiveActionsReminder,
+      thumbgateSystemReminder: correctiveActionsReminder,
+    }),
     ...(reflection && { reflection }),
     ...(feedbackSession && { feedbackSession }),
     ...(synthesisResult && { synthesis: synthesisResult }),
@@ -1911,9 +1917,25 @@ function compactMemories() {
   };
 }
 
+function buildCorrectiveActionsReminder(correctiveActions = []) {
+  if (!Array.isArray(correctiveActions) || correctiveActions.length === 0) return null;
+  const lines = correctiveActions
+    .slice(0, 3)
+    .map((action) => {
+      const type = String(action.type || action.source || 'corrective_action').replace(/_/g, ' ');
+      const text = String(action.text || action.action || action.description || '').trim();
+      if (!text) return null;
+      return `  - ${type}: ${text.slice(0, 240)}`;
+    })
+    .filter(Boolean);
+  if (lines.length === 0) return null;
+  return `[ThumbGate] Corrective actions from prior lessons - apply before the next tool call:\n${lines.join('\n')}`;
+}
+
 module.exports = {
   captureFeedback,
   compactMemories,
+  buildCorrectiveActionsReminder,
   analyzeFeedback,
   buildPreventionRules,
   writePreventionRules,