thumbgate 0.9.9 → 0.9.11

package/config/gates/default.json

@@ -4,10 +4,54 @@
     {
       "id": "local-only-git-writes",
       "layer": "Identity",
-      "pattern": "^(git\\s+(add|commit|push)|gh\\s+pr\\s+)",
+      "pattern": "^(git\\s+(add|commit|push|tag)|gh\\s+pr\\s+|gh\\s+release\\s+create|npm\\s+publish|yarn\\s+publish|pnpm\\s+publish)",
       "action": "block",
       "when": { "constraints": { "local_only": true } },
-      "message": "User requested local-only work. Git writes and PR operations are blocked.",
+      "message": "User requested local-only work. Git writes, PR operations, and release actions are blocked.",
+      "severity": "critical"
+    },
+    {
+      "id": "task-scope-required",
+      "layer": "Decisions",
+      "toolNames": ["Bash"],
+      "pattern": "^(git\\s+(add|commit|push)|gh\\s+pr\\s+(create|merge)|gh\\s+release\\s+create|git\\s+tag\\b|npm\\s+publish|yarn\\s+publish|pnpm\\s+publish)",
+      "requireTaskScope": true,
+      "action": "block",
+      "message": "Git write, PR, release, and publish operations require an explicit task scope.",
+      "severity": "critical"
+    },
+    {
+      "id": "task-scope-edit-boundary",
+      "layer": "Decisions",
+      "toolNames": ["Edit", "Write", "MultiEdit"],
+      "pattern": ".*",
+      "requireTaskScope": true,
+      "scopeMode": "declared-only",
+      "action": "block",
+      "message": "Edits outside the declared task scope are blocked once a task scope is active.",
+      "severity": "critical"
+    },
+    {
+      "id": "protected-file-approval-required",
+      "layer": "Decisions",
+      "toolNames": ["Edit", "Write", "MultiEdit", "Bash"],
+      "pattern": ".*",
+      "requireProtectedApproval": true,
+      "protectedGlobs": [
+        "AGENTS.md",
+        "CLAUDE.md",
+        "CLAUDE.local.md",
+        "GEMINI.md",
+        "README.md",
+        ".gitignore",
+        ".husky/**",
+        ".claude/**",
+        "skills/**",
+        "SKILL.md",
+        "config/gates/**"
+      ],
+      "action": "block",
+      "message": "Protected files require explicit approval before editing or publishing.",
       "severity": "critical"
     },
     {
@@ -28,6 +72,34 @@
       "message": "PR merging requires explicit 'pr_merge_allowed' satisfaction with evidence of user permission.",
       "severity": "high"
     },
+    {
+      "id": "branch-governance-required",
+      "layer": "Decisions",
+      "toolNames": ["Bash"],
+      "pattern": "^(gh\\s+pr\\s+(create|merge)|gh\\s+release\\s+create|git\\s+tag\\b|npm\\s+publish|yarn\\s+publish|pnpm\\s+publish)",
+      "requireBranchGovernance": true,
+      "action": "block",
+      "message": "PR, release, and publish actions require explicit branch governance.",
+      "severity": "critical"
+    },
+    {
+      "id": "release-readiness-required",
+      "layer": "Execution",
+      "toolNames": ["Bash"],
+      "pattern": "^(gh\\s+release\\s+create|git\\s+tag\\b|npm\\s+publish|yarn\\s+publish|pnpm\\s+publish)",
+      "requireReleaseReadiness": true,
+      "action": "block",
+      "message": "Release and publish actions require a releasable mainline commit and a matching version plan.",
+      "severity": "critical"
+    },
+    {
+      "id": "admin-merge-bypass-blocked",
+      "layer": "Execution",
+      "pattern": "gh\\s+pr\\s+merge.*--admin",
+      "action": "block",
+      "message": "Admin merge bypass is blocked. Use the merge queue or normal protected-branch flow.",
+      "severity": "critical"
+    },
     {
       "id": "loop-abuse-prevention",
       "layer": "Decisions",

package/config/github-about.json

@@ -2,7 +2,7 @@
   "repo": "IgorGanapolsky/ThumbGate",
   "repositoryUrl": "https://github.com/IgorGanapolsky/ThumbGate",
   "homepageUrl": "https://thumbgate-production.up.railway.app",
-  "description": "Pre-action gates for AI coding agents. Skill disclosure cuts tokens. Hallucination and PII checks harden outputs. 👍 Thumbs up reinforces good behavior. 👎 Thumbs down blocks repeated mistakes. Free is local. History-aware lessons distill vague feedback. Team adds shared lessons and org visibility, plus generated review views.",
+  "description": "Pre-action gates for AI coding agents. 👎 Thumbs down → prevention rule → mistake permanently blocked. 👍 Thumbs up → pattern reinforced. History-aware lessons from your corrections. Team adds shared lessons and org visibility.",
   "topics": [
     "thumbgate",
     "pre-action-gates",

package/config/mcp-allowlists.json

@@ -10,7 +10,7 @@
       "feedback_summary",
       "search_lessons",
       "retrieve_lessons",
-      "search_rlhf",
+      "search_thumbgate",
       "reflect_on_feedback",
       "feedback_stats",
       "diagnose_failure",
@@ -28,8 +28,14 @@
       "commerce_recall",
       "generate_skill",
       "satisfy_gate",
+      "set_task_scope",
+      "get_scope_state",
+      "set_branch_governance",
+      "get_branch_governance",
+      "approve_protected_action",
       "track_action",
       "verify_claim",
+      "check_operational_integrity",
       "register_claim_gate",
       "gate_stats",
       "dashboard",
@@ -52,11 +58,17 @@
       "recall",
       "search_lessons",
       "retrieve_lessons",
-      "search_rlhf",
+      "search_thumbgate",
       "reflect_on_feedback",
       "prevention_rules",
+      "set_task_scope",
+      "get_scope_state",
+      "set_branch_governance",
+      "get_branch_governance",
+      "approve_protected_action",
       "track_action",
       "verify_claim",
+      "check_operational_integrity",
       "feedback_stats",
       "feedback_summary",
       "estimate_uncertainty",
@@ -66,10 +78,16 @@
       "capture_feedback",
       "recall",
       "retrieve_lessons",
-      "search_rlhf",
+      "search_thumbgate",
       "commerce_recall",
+      "set_task_scope",
+      "get_scope_state",
+      "set_branch_governance",
+      "get_branch_governance",
+      "approve_protected_action",
       "track_action",
       "verify_claim",
+      "check_operational_integrity",
       "prevention_rules",
       "feedback_stats",
       "feedback_summary"
@@ -79,7 +97,7 @@
       "feedback_summary",
       "search_lessons",
       "retrieve_lessons",
-      "search_rlhf",
+      "search_thumbgate",
       "feedback_stats",
       "diagnose_failure",
       "list_harnesses",
@@ -88,7 +106,10 @@
       "start_handoff",
       "complete_handoff",
       "context_provenance",
+      "get_scope_state",
+      "get_branch_governance",
       "verify_claim",
+      "check_operational_integrity",
       "gate_stats",
       "dashboard",
       "settings_status",
@@ -102,7 +123,7 @@
       "feedback_summary",
       "search_lessons",
       "retrieve_lessons",
-      "search_rlhf",
+      "search_thumbgate",
       "feedback_stats",
       "diagnose_failure",
       "list_harnesses",
@@ -110,7 +131,10 @@
       "plan_intent",
       "run_harness",
       "context_provenance",
+      "get_scope_state",
+      "get_branch_governance",
       "verify_claim",
+      "check_operational_integrity",
       "gate_stats",
       "dashboard",
       "settings_status",
@@ -123,12 +147,15 @@
       "feedback_summary",
       "search_lessons",
       "retrieve_lessons",
-      "search_rlhf",
+      "search_thumbgate",
       "diagnose_failure",
       "list_intents",
       "plan_intent",
       "list_harnesses",
+      "get_scope_state",
+      "get_branch_governance",
       "verify_claim",
+      "check_operational_integrity",
       "settings_status"
     ]
   }

package/config/skill-packs/react-testing.json

@@ -19,5 +19,5 @@
     "maxChars": 6000,
     "queryPrefix": "react-testing react testing"
   },
-  "registeredAt": "2026-04-06T14:11:37.315Z"
+  "registeredAt": "2026-04-06T16:47:22.804Z"
 }

package/config/tessl-tiles.json

@@ -17,12 +17,12 @@
       ]
     },
     {
-      "id": "rlhf-feedback",
-      "tileName": "rlhf-feedback",
+      "id": "thumbgate-feedback",
+      "tileName": "thumbgate-feedback",
       "summary": "Thumbs up and thumbs down capture that turns agent feedback into structured memories and prevention rules.",
       "private": false,
       "sourceSkills": [
-        "rlhf-feedback"
+        "thumbgate-feedback"
       ]
     }
   ]

package/openapi/openapi.yaml

@@ -1009,7 +1009,7 @@ paths:
           description: Unauthorized
   /v1/search:
     get:
-      operationId: searchRlhf
+      operationId: searchThumbgate
       parameters:
         - in: query
           name: q
@@ -1038,7 +1038,7 @@ paths:
         '401':
           description: Unauthorized
     post:
-      operationId: searchRlhfPost
+      operationId: searchThumbgatePost
       requestBody:
         required: true
         content:

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
-  "version": "0.9.9",
-  "description": "ThumbGate — Pre-action gates that block AI coding agents from repeating known mistakes. SQLite+FTS5 lesson DB with corrective-action inference. MemAlign-inspired dual recall (principles + episodic context). Thompson Sampling for adaptive gate sensitivity. LanceDB vector search. Captures feedback, auto-promotes failures into prevention rules, and enforces them via PreToolUse hooks.",
+  "version": "0.9.11",
+  "description": "ThumbGate \u2014 Make your AI coding agent self-improving. Every mistake becomes a prevention rule that physically blocks the agent from repeating it. Feedback-driven enforcement via PreToolUse hooks, Thompson Sampling for adaptive gates, SQLite+FTS5 lesson DB, and LanceDB vector search. Your agent gets smarter with every session.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
     "type": "git",
@@ -12,8 +12,7 @@
   },
   "main": "scripts/feedback-loop.js",
   "bin": {
-    "thumbgate": "bin/cli.js",
-    "rlhf": "bin/cli.js"
+    "thumbgate": "bin/cli.js"
   },
   "files": [
     "bin/",
@@ -65,10 +64,9 @@
     "social:mcp": "node scripts/social-analytics/mcp-server.js",
     "social:post-everywhere": "node scripts/post-everywhere.js",
     "social:post-everywhere:dry": "node scripts/post-everywhere.js --dry-run",
-    "social:publish:launch": "node scripts/social-analytics/publish-thumbgate-launch.js",
     "social:reply-monitor": "node scripts/social-reply-monitor.js",
     "social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
-    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:lesson-retrieval && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator",
+    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:lesson-retrieval && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets",
     "test:feedback-fallback": "node --test tests/feedback-fallback.test.js",
     "test:metaclaw": "node --test tests/metaclaw-features.test.js",
     "test:server-lock": "node --test tests/server-stdio-lock.test.js",
@@ -117,7 +115,7 @@
     "test:loop": "node scripts/feedback-loop.js --test",
     "test:dpo": "node scripts/export-dpo-pairs.js --test",
     "test:kto": "node --test tests/export-kto.test.js",
-    "test:api": "node --test --test-concurrency=1 tests/api-server.test.js tests/api-auth-config.test.js tests/mcp-server.test.js tests/adapters.test.js tests/openapi-parity.test.js tests/budget-guard.test.js tests/contextfs.test.js tests/pack-templates.test.js tests/dashboard.test.js tests/dashboard-render-spec.test.js tests/dashboard-html.test.js tests/agent-readiness.test.js tests/mcp-policy.test.js tests/subagent-profiles.test.js tests/intent-router.test.js tests/internal-agent-bootstrap.test.js tests/lesson-search.test.js tests/thumbgate-search.test.js tests/rubric-engine.test.js tests/self-healing-check.test.js tests/self-heal.test.js tests/feedback-schema.test.js tests/thompson-sampling.test.js tests/feedback-sequences.test.js tests/diversity-tracking.test.js tests/vector-store.test.js tests/feedback-attribution.test.js tests/hybrid-feedback-context.test.js tests/loop-closure.test.js tests/code-reasoning.test.js tests/feedback-loop.test.js tests/feedback-inbox-read.test.js tests/feedback-to-memory.test.js tests/test-coverage.test.js tests/version-metadata.test.js tests/claude-mcpb.test.js tests/claude-codex-bridge.test.js tests/cursor-plugin.test.js tests/codex-plugin.test.js tests/telemetry-analytics.test.js tests/public-landing.test.js tests/local-model-profile.test.js tests/risk-scorer.test.js tests/context-compaction.test.js tests/reminder-engine.test.js tests/post-to-x.test.js tests/verification-loop.test.js tests/async-job-runner.test.js tests/commerce-quality.test.js tests/recall-limit.test.js tests/problem-detail.test.js tests/natural-language-harness.test.js tests/settings-hierarchy.test.js",
+    "test:api": "node --test --test-concurrency=1 tests/api-server.test.js tests/api-auth-config.test.js tests/mcp-server.test.js tests/adapters.test.js tests/openapi-parity.test.js tests/budget-guard.test.js tests/contextfs.test.js tests/pack-templates.test.js tests/dashboard.test.js tests/dashboard-render-spec.test.js tests/dashboard-html.test.js tests/agent-readiness.test.js tests/mcp-policy.test.js tests/subagent-profiles.test.js tests/intent-router.test.js tests/internal-agent-bootstrap.test.js tests/lesson-search.test.js tests/thumbgate-search.test.js tests/rubric-engine.test.js tests/self-healing-check.test.js tests/self-heal.test.js tests/feedback-schema.test.js tests/thompson-sampling.test.js tests/feedback-sequences.test.js tests/diversity-tracking.test.js tests/vector-store.test.js tests/feedback-attribution.test.js tests/hybrid-feedback-context.test.js tests/loop-closure.test.js tests/code-reasoning.test.js tests/feedback-loop.test.js tests/feedback-inbox-read.test.js tests/feedback-to-memory.test.js tests/test-coverage.test.js tests/version-metadata.test.js tests/claude-mcpb.test.js tests/claude-codex-bridge.test.js tests/cursor-plugin.test.js tests/codex-plugin.test.js tests/telemetry-analytics.test.js tests/public-landing.test.js tests/pro-landing.test.js tests/local-model-profile.test.js tests/risk-scorer.test.js tests/context-compaction.test.js tests/reminder-engine.test.js tests/post-to-x.test.js tests/verification-loop.test.js tests/async-job-runner.test.js tests/commerce-quality.test.js tests/recall-limit.test.js tests/problem-detail.test.js tests/natural-language-harness.test.js tests/settings-hierarchy.test.js",
     "test:proof": "node --test tests/prove-adapters.test.js tests/prove-attribution.test.js tests/prove-cloudflare-sandbox.test.js tests/prove-data-quality.test.js tests/prove-intelligence.test.js tests/prove-lancedb.test.js tests/prove-loop-closure.test.js tests/prove-subway-upgrades.test.js tests/prove-training-export.test.js tests/prove-local-intelligence.test.js tests/prove-workflow-contract.test.js tests/prove-autoresearch.test.js tests/prove-claim-verification.test.js tests/prove-data-pipeline.test.js tests/prove-evolution.test.js tests/prove-harnesses.test.js tests/prove-runtime.test.js tests/prove-seo-gsd.test.js tests/prove-settings.test.js tests/prove-xmemory.test.js && node --test tests/prove-automation.test.js",
     "test:e2e": "node --test tests/e2e-pipeline.test.js tests/e2e-product-flows.test.js tests/e2e-coverage-contract.test.js",
     "test:rlaif": "node --test tests/rlaif-self-audit.test.js tests/dpo-optimizer.test.js tests/meta-policy.test.js",
@@ -126,6 +124,7 @@
     "test:intelligence": "node --test tests/intelligence.test.js",
     "test:training-export": "node --test tests/training-export.test.js tests/databricks-export.test.js",
     "test:deployment": "node --test tests/deployment.test.js tests/deploy-policy.test.js tests/publish-decision.test.js",
+    "test:operational-integrity": "node --test tests/operational-integrity.test.js",
     "test:workflow": "node --test tests/workflow-contract.test.js tests/social-marketing-assets.test.js tests/social-pipeline.test.js tests/positioning-contract.test.js tests/workflow-runs.test.js tests/workflow-sprint-intake.test.js tests/gtm-revenue-loop.test.js",
     "test:billing": "node --test tests/billing.test.js",
     "test:cli": "node --test tests/analytics-report.test.js tests/creator-campaigns.test.js tests/cli.test.js tests/codex-bridge-script.test.js tests/dispatch-brief.test.js tests/feedback-normalize.test.js tests/install-mcp.test.js tests/pr-manager.test.js tests/pro-local-dashboard.test.js tests/revenue-status.test.js",
@@ -158,6 +157,8 @@
     "tessl:export": "node scripts/tessl-export.js export",
     "tessl:verify": "node scripts/tessl-export.js verify",
     "deploy:policy": "node scripts/deploy-policy.js",
+    "ops:integrity": "node scripts/operational-integrity.js",
+    "ops:integrity:ci": "node scripts/operational-integrity.js --ci",
     "prove:adapters": "node --test tests/prove-adapters.test.js",
     "prove:automation": "node --test tests/prove-automation.test.js",
     "prove:workflow-contract": "node --test tests/prove-workflow-contract.test.js",
@@ -219,10 +220,23 @@
     "test:money-watcher": "node --test tests/money-watcher.test.js",
     "test:utm": "node --test tests/utm.test.js",
     "test:product-feedback": "node --test tests/product-feedback.test.js",
-    "test:feedback-root-consolidator": "node --test tests/feedback-root-consolidator.test.js"
+    "test:feedback-root-consolidator": "node --test tests/feedback-root-consolidator.test.js",
+    "social:publish:launch": "node scripts/social-analytics/publish-thumbgate-launch.js",
+    "social:schedule:campaign": "node scripts/social-analytics/schedule-thumbgate-campaign.js",
+    "social:install:growth": "node scripts/social-analytics/install-growth-automation.js",
+    "social:reconcile:campaign": "node scripts/social-analytics/reconcile-thumbgate-campaign.js",
+    "social:sync:launch-assets": "node scripts/social-analytics/sync-launch-assets.js",
+    "social:engagement:audit": "node scripts/social-analytics/engagement-audit.js",
+    "test:install-growth-automation": "node --test tests/install-growth-automation.test.js",
+    "test:publish-thumbgate-launch": "node --test tests/publish-thumbgate-launch.test.js",
+    "test:reconcile-thumbgate-campaign": "node --test tests/reconcile-thumbgate-campaign.test.js",
+    "test:schedule-thumbgate-campaign": "node --test tests/schedule-thumbgate-campaign.test.js",
+    "test:social-reply-monitor": "node --test tests/social-reply-monitor.test.js",
+    "test:sync-launch-assets": "node --test tests/sync-launch-assets.test.js",
+    "test:reddit-publisher": "node --test tests/reddit-publisher.test.js",
+    "test:engagement-audit": "node --test tests/engagement-audit.test.js"
   },
   "keywords": [
-    "rlhf",
     "mcp",
     "mcp-server",
     "ai-agents",

package/plugins/amp-skill/INSTALL.md

@@ -5,13 +5,14 @@ Install the ThumbGate skill for Amp in under 60 seconds. No manual file editing
 ## One-Command Install
 
 ```bash
-cp plugins/amp-skill/SKILL.md .amp/skills/rlhf-feedback.md
+cp plugins/amp-skill/SKILL.md .amp/skills/thumbgate-feedback.md
 ```
 
 Or from the npm package:
 
 ```bash
 npx thumbgate init
+cp node_modules/thumbgate/plugins/amp-skill/SKILL.md .amp/skills/thumbgate-feedback.md
 cp node_modules/thumbgate/plugins/amp-skill/SKILL.md .amp/skills/rlhf-feedback.md
 ```
 
@@ -48,5 +49,5 @@ node .thumbgate/capture-feedback.js --feedback=down --context="..." --what-went-
 ## Uninstall
 
 ```bash
-rm .amp/skills/rlhf-feedback.md
+rm .amp/skills/thumbgate-feedback.md
 ```

package/plugins/amp-skill/SKILL.md

@@ -1,4 +1,5 @@
 ---
+name: thumbgate-feedback
 name: rlhf-feedback
 description: Dual-write feedback to Amp MCP memory AND thumbgate for DPO export, analytics, and cross-platform portability
 ---

package/plugins/claude-codex-bridge/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-bridge",
-  "version": "0.9.9",
+  "version": "0.9.11",
   "description": "Run Codex review, adversarial review, and second-pass handoffs from Claude Code while keeping ThumbGate reliability memory in the loop.",
   "author": {
     "name": "Igor Ganapolsky",

package/plugins/claude-codex-bridge/.mcp.json

@@ -1,10 +1,12 @@
 {
   "mcpServers": {
-    "rlhf": {
+    "thumbgate": {
       "command": "npx",
       "args": [
-        "-y",
-        "thumbgate@0.9.9",
+        "--yes",
+        "--package",
+        "thumbgate@0.9.11",
+        "thumbgate",
         "serve"
       ]
     }

package/plugins/claude-codex-bridge/README.md

@@ -6,7 +6,7 @@ This repo-local Claude Code plugin brings Codex into the same workflow for three
 - skeptical adversarial review before risky merges or deploys
 - second-pass handoff when you want a different agent to take another shot
 
-The plugin keeps ThumbGate's local reliability memory available through the bundled `rlhf` MCP server while the bridge script persists Codex artifacts in `${CLAUDE_PLUGIN_DATA}`.
+The plugin keeps ThumbGate's local reliability memory available through the bundled `thumbgate` MCP server while the bridge script persists Codex artifacts in `${CLAUDE_PLUGIN_DATA}`.
 
 ## Shipped skills
 

package/plugins/claude-codex-bridge/skills/setup/SKILL.md

@@ -18,4 +18,4 @@ Then explain:
 - whether `codex` is installed
 - whether `codex exec review` is available
 - where the persistent bridge artifact directory lives
-- whether ThumbGate's bundled `rlhf` MCP server config is present
+- whether ThumbGate's bundled `thumbgate` MCP server config is present

package/plugins/claude-skill/INSTALL.md

@@ -5,13 +5,14 @@ Install the skill in under 60 seconds. No manual file editing required.
 ## One-Command Install
 
 ```bash
-cp plugins/claude-skill/SKILL.md .claude/skills/rlhf-feedback.md
+cp plugins/claude-skill/SKILL.md .claude/skills/thumbgate-feedback.md
 ```
 
 Or from the published npm package:
 
 ```bash
 npx thumbgate init
+cp node_modules/thumbgate/plugins/claude-skill/SKILL.md .claude/skills/thumbgate-feedback.md
 cp node_modules/thumbgate/plugins/claude-skill/SKILL.md .claude/skills/rlhf-feedback.md
 ```
 
@@ -27,7 +28,7 @@ After copying, restart Claude Code and run:
 
 ```bash
 # Claude Code will show available skills:
-# rlhf-feedback — Capture thumbs up/down feedback into structured memories
+# thumbgate-feedback — Capture thumbs up/down feedback into structured memories
 ```
 
 Then test it:
@@ -51,5 +52,5 @@ node .thumbgate/capture-feedback.js --feedback=up --context="skill install verif
 ## Uninstall
 
 ```bash
-rm .claude/skills/rlhf-feedback.md
+rm .claude/skills/thumbgate-feedback.md
 ```

package/plugins/claude-skill/SKILL.md

@@ -1,5 +1,5 @@
 ---
-name: rlhf-feedback
+name: thumbgate-feedback
 description: >
   Capture thumbs up/down feedback into structured memories and prevention rules.
   Use when user gives explicit quality signals about agent work (e.g. "that worked",

package/plugins/codex-profile/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-profile",
-  "version": "0.9.9",
+  "version": "0.9.11",
   "description": "ThumbGate for Codex: pre-action gates, skill packs, hallucination detection, PII scanning, progressive disclosure (82% token savings), and MCP-backed reliability memory.",
   "author": {
     "name": "Igor Ganapolsky",

package/plugins/codex-profile/.mcp.json

@@ -1,10 +1,12 @@
 {
   "mcpServers": {
-    "rlhf": {
+    "thumbgate": {
       "command": "npx",
       "args": [
-        "-y",
-        "thumbgate@0.9.9",
+        "--yes",
+        "--package",
+        "thumbgate@0.9.11",
+        "thumbgate",
         "serve"
       ]
     }

package/plugins/codex-profile/INSTALL.md

@@ -31,7 +31,7 @@ The following block is appended to `~/.codex/config.toml`:
 ```toml
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["-y", "thumbgate@0.9.9", "serve"]
+args = ["--yes", "--package", "thumbgate@0.9.11", "thumbgate", "serve"]
 ```
 
 The repo-local Codex app plugin ships the same runtime path through `plugins/codex-profile/.mcp.json`, so the manual config and plugin metadata stay aligned.
@@ -46,7 +46,7 @@ node adapters/mcp/server-stdio.js
 # Press Ctrl+C to stop
 ```
 
-Then restart Codex. The `rlhf` MCP server will appear in the tool list.
+Then restart Codex. The `thumbgate` MCP server will appear in the tool list.
 
 ## Available Tools (via MCP)
 

package/plugins/codex-profile/README.md

@@ -29,7 +29,7 @@ That profile launches:
 ```toml
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["-y", "thumbgate@0.9.9", "serve"]
+args = ["--yes", "--package", "thumbgate@0.9.11", "thumbgate", "serve"]
 ```
 
 ## Why this exists

package/plugins/cursor-marketplace/.cursor-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "thumbgate",
   "displayName": "ThumbGate",
   "description": "👍👎 Thumbs down a mistake — your AI agent won't repeat it. Thumbs up good work — it remembers the pattern.",
-  "version": "0.9.9",
+  "version": "0.9.11",
   "author": {
     "name": "Igor Ganapolsky"
   },

package/plugins/cursor-marketplace/README.md

@@ -22,7 +22,7 @@ How it works:
 
 | File | Always on | Description |
 |------|-----------|-------------|
-| `rules/pre-action-gates.mdc` | Yes | Before risky tool calls (git push, rm -rf, npm publish, deploy), check prevention rules via the rlhf MCP server. Blocks and explains if a rule matches. |
+| `rules/pre-action-gates.mdc` | Yes | Before risky tool calls (git push, rm -rf, npm publish, deploy), check prevention rules via the thumbgate MCP server. Blocks and explains if a rule matches. |
 | `rules/feedback-capture.mdc` | No | After any mistake or unexpected behavior, prompt to capture structured feedback with context and tags. |
 | `rules/session-continuity.mdc` | No | At session start, recall past context; at session end, hand off state for next session. |
 
@@ -53,13 +53,13 @@ How it works:
 
 | Hook | Trigger | Description |
 |------|---------|-------------|
-| `beforeShellExecution` | `git push`, `rm -rf`, `npm publish`, `deploy` | Runs `scripts/gate-check.sh` to perform a pre-action health check via `thumbgate doctor`. |
+| `beforeShellExecution` | `git push`, `rm -rf`, `npm publish`, `deploy` | Runs `scripts/gate-check.sh` to evaluate the command through ThumbGate `gate-check` before execution. |
 
 ### MCP Server
 
 | Server | Command |
 |--------|---------|
-| `rlhf` | `npx -y thumbgate@latest serve` |
+| `thumbgate` | `npx --yes --package thumbgate@latest thumbgate serve` |
 
 ## Install
 
@@ -90,9 +90,9 @@ Or copy the plugin MCP config into `.cursor/mcp.json`:
 ```json
 {
   "mcpServers": {
-    "rlhf": {
+    "thumbgate": {
       "command": "npx",
-      "args": ["-y", "thumbgate@latest", "serve"]
+      "args": ["--yes", "--package", "thumbgate@latest", "thumbgate", "serve"]
     }
   }
 }

package/plugins/cursor-marketplace/mcp.json

@@ -1,10 +1,12 @@
 {
   "mcpServers": {
-    "rlhf": {
+    "thumbgate": {
       "command": "npx",
       "args": [
-        "-y",
+        "--yes",
+        "--package",
         "thumbgate@latest",
+        "thumbgate",
         "serve"
       ]
     }

package/plugins/cursor-marketplace/rules/pre-action-gates.mdc

@@ -1,5 +1,5 @@
 ---
-description: Before risky tool calls (git push, rm -rf, npm publish, deploy), check prevention rules via the rlhf MCP server. If a rule matches, STOP and explain why.
+description: Before risky tool calls (git push, rm -rf, npm publish, deploy), check prevention rules via the thumbgate MCP server. If a rule matches, STOP and explain why.
 alwaysApply: true
 ---
 

package/plugins/cursor-marketplace/scripts/gate-check.sh

@@ -1,11 +1,21 @@
 #!/usr/bin/env bash
 # Pre-action gate check — runs before risky shell commands.
 # Called by hooks/hooks.json beforeShellExecution hook.
-# Performs a quick health check via thumbgate doctor.
+# Delegates to the published ThumbGate gate-check entrypoint.
 
 set -euo pipefail
 
-npx -y thumbgate@latest doctor 2>/dev/null || {
-  echo "[gate-check] thumbgate doctor returned non-zero — review before proceeding." >&2
-  exit 1
-}
+INPUT=$(cat)
+RESULT=$(echo "$INPUT" | npx --yes --package thumbgate@latest thumbgate gate-check 2>/dev/null) || true
+
+if [ -z "$RESULT" ]; then
+  exit 0
+fi
+
+echo "$RESULT"
+
+if echo "$RESULT" | grep -q '"permissionDecision":\s*"deny"'; then
+  exit 2
+fi
+
+exit 0