thumbgate 1.1.0 → 1.3.0

package/.claude-plugin/README.md

@@ -2,13 +2,13 @@
 
 `thumbgate` gives Claude Desktop a local-first **Reliability Gateway** and **Pre-Action Gates** for workflow hardening.
 
-The extension path is useful when a team wants Claude Desktop to keep one workflow sharper over time without adding another orchestration layer. The MCP server captures explicit feedback, recalls past failures, distills lessons from the recent conversation window when a thumbs signal is vague, promotes reusable prevention rules, and produces proof-backed rollout artifacts.
+The extension path is useful when a team wants Claude Desktop to keep one workflow sharper over time without adding another orchestration layer. The MCP server captures explicit feedback, recalls past failures, distills lessons from up to 8 prior recorded entries when the current Claude hook only gets a vague thumbs-down, promotes reusable prevention rules, and produces proof-backed rollout artifacts.
 
 ## Features
 
 - Workflow hardening for Claude-first engineering and ops workflows
 - Pre-Action Gates that block repeated mistakes before tool use
-- History-aware lesson distillation from the last ~10 messages and failed tool calls
+- History-aware lesson distillation from up to 8 prior recorded entries and failed tool calls in the current Claude auto-capture path
 - Reliability memory and recall across long sessions
 - Bounded context packs, provenance, and diagnostics
 - DPO export and analytics bundle generation after runtime reliability lands
@@ -105,9 +105,9 @@ Optional hosted path:
 
 **User prompt:** "👎 That was wrong."
 **Expected behavior:**
-- Claude Desktop can pass the last ~10 messages and the failed tool call into `capture_feedback`
+- Claude Desktop can pass up to 8 prior recorded entries and the failed tool call into `capture_feedback`
 - ThumbGate distills a proposed `whatWentWrong` and `whatToChange` from recent history
-- A linked follow-up note can refine the same feedback record with `relatedFeedbackId`
+- A linked 60-second follow-up session can refine the same feedback record with `relatedFeedbackId`
 
 ## Privacy Policy
 

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "plugins": [
     {
       "name": "thumbgate",

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "Pre-action gates that block AI coding agents from repeating known mistakes. Captures feedback, auto-promotes failures into prevention rules, and enforces them via PreToolUse hooks.",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "author": {
     "name": "Igor Ganapolsky"
   },

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://github.com/IgorGanapolsky/thumbgate",
   "transport": "stdio",

package/README.md

@@ -1,23 +1,27 @@
 # ThumbGate
 
-Make your AI coding agent self-improving. One thumbs-down creates a gate that permanently blocks the mistake.
+Make your AI coding agent self-improving. ThumbGate turns thumbs-up and thumbs-down into a learned control plane for autonomous development: pre-action gates, a trained intervention policy, workflow governance, and isolated execution guidance for high-risk runs.
 
 [![CI](https://github.com/IgorGanapolsky/ThumbGate/actions/workflows/ci.yml/badge.svg)](https://github.com/IgorGanapolsky/ThumbGate/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/thumbgate)](https://www.npmjs.com/package/thumbgate)
 [![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
-[![Try Free](https://img.shields.io/badge/Pro-Try%20Free%20→-635bff?style=for-the-badge&logo=stripe&logoColor=white)](https://thumbgate-production.up.railway.app/checkout/pro?utm_source=github&utm_medium=readme&utm_campaign=badge_cta)
+[![Start Sprint](https://img.shields.io/badge/Workflow%20Hardening%20Sprint-Start%20Intake%20→-16a34a?style=for-the-badge)](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=badge_cta#workflow-sprint-intake)
 
-**[Pro Page](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page)** · **[Live Dashboard](https://thumbgate-production.up.railway.app/dashboard?utm_source=github&utm_medium=readme&utm_campaign=top_cta)** · **[Pricing](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=top_cta#pricing)** · **[Setup Guide](https://thumbgate-production.up.railway.app/guide?utm_source=github&utm_medium=readme&utm_campaign=top_cta)**
+**[Workflow Hardening Sprint](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=top_cta#workflow-sprint-intake)** · **[Pro Page](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page)** · **[Live Dashboard](https://thumbgate-production.up.railway.app/dashboard?utm_source=github&utm_medium=readme&utm_campaign=top_cta)** · **[Setup Guide](https://thumbgate-production.up.railway.app/guide?utm_source=github&utm_medium=readme&utm_campaign=top_cta)**
 
 **Popular buyer questions:** **[How to stop repeated AI agent mistakes](https://thumbgate-production.up.railway.app/guides/stop-repeated-ai-agent-mistakes?utm_source=github&utm_medium=readme&utm_campaign=buyer_questions)** · **[Cursor guardrails](https://thumbgate-production.up.railway.app/guides/cursor-agent-guardrails?utm_source=github&utm_medium=readme&utm_campaign=buyer_questions)** · **[Codex CLI guardrails](https://thumbgate-production.up.railway.app/guides/codex-cli-guardrails?utm_source=github&utm_medium=readme&utm_campaign=buyer_questions)** · **[Gemini CLI memory + enforcement](https://thumbgate-production.up.railway.app/guides/gemini-cli-feedback-memory?utm_source=github&utm_medium=readme&utm_campaign=buyer_questions)**
 
 ### Get Started
 
-**ThumbGate Pro (Recommended)** — zero config, team analytics, shared lesson DB:
+**Best first paid motion for teams:** the **Workflow Hardening Sprint**.
 
-[![Sign up for ThumbGate Pro](https://img.shields.io/badge/>>%20Start%20Free%20→%20ThumbGate%20Pro-635bff?style=for-the-badge)](https://thumbgate-production.up.railway.app/checkout/pro?utm_source=github&utm_medium=readme&utm_campaign=get_started)
+[![Start Workflow Hardening Sprint](https://img.shields.io/badge/>>%20Start%20Intake%20→%20Workflow%20Hardening%20Sprint-16a34a?style=for-the-badge)](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=get_started#workflow-sprint-intake)
 
-Free for individual developers. Pro adds team dashboards, DPO export, and unlimited lesson search. [See pricing →](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=pricing_link#pricing)
+One workflow. One owner. One proof review. That is the fastest path to a paid team engagement because it qualifies a real blocker before anyone tries to sell a full rollout.
+
+**Self-serve for individual operators:** [ThumbGate Pro](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page) is the paid lane for the personal local dashboard, DPO export, and review-ready evidence.
+
+Free stays for individual developers. Pro is **$19/mo or $149/yr** for solo operators. Team pricing anchors at **$12/seat/mo with a 3-seat minimum**, but the public Team path remains intake-first through the sprint. [See pricing →](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=pricing_link#pricing)
 
 **Paid path for individual operators:** [ThumbGate Pro](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page) is the buyer-ready page for the personal local dashboard, DPO export, and review-ready evidence. It makes the paid upgrade legible before checkout while the self-hosted path below stays optimized for open source evaluation.
 
@@ -27,6 +31,26 @@ Free for individual developers. Pro adds team dashboards, DPO export, and unlimi
 npx thumbgate init
 ```
 
+## Enterprise Story
+
+ThumbGate is the control plane for AI coding agents:
+
+- Feedback becomes enforcement, so repeated failures stop at the gate instead of reappearing in review.
+- Workflow Sentinel scores blast radius before execution, so risky PR, release, and publish flows are visible early.
+- High-risk local actions can be routed into Docker Sandboxes, while hosted team automations use a signed isolated sandbox lane.
+- Team rollout stays tied to [Verification Evidence](docs/VERIFICATION_EVIDENCE.md) instead of trust-me operator claims.
+
+## Release Confidence
+
+Enterprise buyers do not just need a safer runtime. They need legible publishes.
+
+- Release-relevant PRs must carry a `.changeset/*.md` entry, so every shipped package version has a customer-readable explanation before publish.
+- [SemVer Policy](docs/SEMVER_POLICY.md) and version-sync checks keep `package.json`, `CHANGELOG.md`, plugin manifests, and installer metadata aligned.
+- CI enforces changeset coverage, version sync, tests, coverage, proof lanes, and operational integrity before merge.
+- Final close-out requires verifying the exact `main` merge commit, with proof anchored in [Verification Evidence](docs/VERIFICATION_EVIDENCE.md).
+
+See [Release Confidence](docs/RELEASE_CONFIDENCE.md) for the full trust chain.
+
 ## Before / After
 
 ```
@@ -92,7 +116,9 @@ Or wire MCP directly: `claude mcp add thumbgate -- npx -y thumbgate serve`
 
 Works with **Claude Code, Cursor, Codex, Gemini, Amp, OpenCode**, and any MCP-compatible agent.
 
-> **Want team analytics and shared lessons?** [Start with ThumbGate Pro →](https://thumbgate-production.up.railway.app/checkout/pro?utm_source=github&utm_medium=readme&utm_campaign=quickstart_cta) Free for individual devs. No credit card required.
+> **Need shared enforcement, auditability, and rollout proof for a team workflow?** [Start with the Workflow Hardening Sprint →](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=quickstart_cta#workflow-sprint-intake)
+>
+> **Need a personal dashboard and DPO export for yourself?** [See ThumbGate Pro →](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=quickstart_cta_pro)
 
 ## Built-in Gates
 
@@ -121,7 +147,7 @@ Works with **Claude Code, Cursor, Codex, Gemini, Amp, OpenCode**, and any MCP-co
               └─► lesson inferred from full conversation
 ```
 
-History-aware distillation turns vague signals into concrete lessons using the last ~10 messages and the failed tool call.
+History-aware distillation turns vague negative signals into concrete lessons. In the current Claude auto-capture path, ThumbGate can reuse up to 8 prior recorded conversation entries plus the failed tool call, then keep a linked 60-second follow-up session open for later clarification.
 
 Free and self-hosted users can invoke `search_lessons` directly through MCP, and via the CLI with `npx thumbgate lessons`.
 
@@ -134,17 +160,19 @@ Free and self-hosted users can invoke `search_lessons` directly through MCP, and
 │ Unlimited    │ Unlimited feedback │ Shared hosted lesson DB      │
 │ feedback     │ captures + search  │ Org dashboard                │
 │ captures     │ DPO export         │ Gate template library         │
-│ 5 daily      │ Personal dashboard │ Workflow hardening sprint     │
-│ lesson       │                    │                              │
-│ searches     │                    │                              │
+│ 3 captures   │ Personal dashboard │ Isolated execution guidance   │
+│ 5 lesson     │                    │                              │
+│ searches/day │                    │                              │
 └──────────────┴────────────────────┴──────────────────────────────┘
 ```
 
-Free includes unlimited feedback captures, 5 daily lesson searches, unlimited recall, and gating. History-aware distillation turns vague feedback into concrete lessons. Feedback sessions (`open_feedback_session` → `append_feedback_context` → `finalize_feedback_session`) link follow-up context to one record.
+Free includes 3 daily feedback captures, 5 daily lesson searches, unlimited recall, and gating. History-aware distillation turns vague feedback into concrete lessons, and feedback sessions (`open_feedback_session` → `append_feedback_context` → `finalize_feedback_session`) keep later clarification linked to one record. The current Claude auto-capture path uses up to 8 prior recorded entries for vague thumbs-down signals; the follow-up session stays open for 60 seconds and resets when more context is appended.
+
+It does not update model weights in frontier LLMs. ThumbGate improves runtime behavior by training a local sidecar intervention policy from feedback, gate audits, and diagnostics, then using that policy to strengthen recall, verification, and enforcement decisions on future runs.
 
-It does not update model weights. It's context engineering — enforcement that gets smarter every session.
+The fastest commercial path is not a generic self-serve subscription pitch. It is the Workflow Hardening Sprint: qualify one repeated failure in one valuable workflow, prove the control plane on that surface, then expand into Team seats when shared enforcement matters.
 
-**[Get Pro](https://thumbgate-production.up.railway.app/checkout/pro?utm_source=github&utm_medium=readme&utm_campaign=thumbgate)** | **[Start Team Rollout](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=team_rollout#workflow-sprint-intake)** | **[Live Dashboard](https://thumbgate-production.up.railway.app/dashboard?utm_source=github&utm_medium=readme&utm_campaign=thumbgate)**
+**[Start Workflow Hardening Sprint](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=team_rollout#workflow-sprint-intake)** | **[Get Pro](https://thumbgate-production.up.railway.app/checkout/pro?utm_source=github&utm_medium=readme&utm_campaign=thumbgate)** | **[Live Dashboard](https://thumbgate-production.up.railway.app/dashboard?utm_source=github&utm_medium=readme&utm_campaign=thumbgate)**
 
 ## Tech Stack
 
@@ -157,18 +185,22 @@ It does not update model weights. It's context engineering — enforcement that
 │  JSONL logs       │  Thompson Sampling│  Gates config    │
 │  ContextFS        │                   │  Hook wiring     │
 ├───────────────────┼───────────────────┼──────────────────┤
-│  INTERFACES       │  BILLING          │  HOSTING         │
+│  INTERFACES       │  BILLING          │  EXECUTION       │
 │                   │                   │                  │
 │  MCP stdio        │  Stripe           │  Railway         │
 │  HTTP API         │                   │  Cloudflare      │
 │  CLI              │                   │    Workers       │
-│  Node.js >=18     │                   │                  │
+│  Node.js >=18     │                   │  Docker          │
+│                   │                   │    Sandboxes     │
 └───────────────────┴───────────────────┴──────────────────┘
 ```
 
 ## Docs
 
 - [Commercial Truth](docs/COMMERCIAL_TRUTH.md) — pricing, claims, what we don't say
+- [Changeset Strategy](docs/CHANGESET_STRATEGY.md) — how release notes, version bumps, and customer-facing change records are enforced
+- [First Dollar Playbook](docs/FIRST_DOLLAR_PLAYBOOK.md) — the operator loop for turning one painful workflow into the next booked pilot
+- [Release Confidence](docs/RELEASE_CONFIDENCE.md) — how Changesets, SemVer, sync checks, proof lanes, and exact-merge verification make publishes inspectable
 - [SemVer Policy](docs/SEMVER_POLICY.md) — stable vs prerelease channel rules
 - [Verification Evidence](docs/VERIFICATION_EVIDENCE.md) — proof artifacts
 - [WORKFLOW.md](WORKFLOW.md) — agent-run contract (scope, hard stops, proof commands)

package/adapters/README.md

@@ -3,7 +3,7 @@
 - `chatgpt/openapi.yaml`: import into GPT Actions.
 - `gemini/function-declarations.json`: Gemini function-calling definitions.
 - `mcp/server-stdio.js`: underlying local MCP stdio server implementation.
-- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.1.0 thumbgate serve`.
+- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.3.0 thumbgate serve`.
 - `codex/config.toml`: example Codex MCP profile section using the same version-pinned portable launcher.
 - `amp/skills/thumbgate-feedback/SKILL.md`: Amp skill template.
 - `opencode/opencode.json`: portable OpenCode MCP profile using the same version-pinned portable launcher.

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.1.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.1.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/codex/config.toml

@@ -1,9 +1,9 @@
 # Codex MCP profile (copy into ~/.codex/config.toml or merge section)
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.1.0", "thumbgate", "serve"]
+args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
 
 # Hard PreToolUse hook for Codex
 [hooks.pre_tool_use]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.1.0", "thumbgate", "gate-check"]
+args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "gate-check"]

package/adapters/mcp/server-stdio.js

@@ -105,7 +105,7 @@ function enforceLimit(action) {
   const limit = checkLimit(action);
   if (!limit.allowed) {
     const err = new Error(
-      `Free tier daily limit reached for "${action}". ${UPGRADE_MESSAGE}\nUpgrade now: ${PRO_CHECKOUT_URL}`
+      `Free tier limit reached. Upgrade to Pro for unlimited: https://thumbgate-production.up.railway.app/pro\n${UPGRADE_MESSAGE}\nUpgrade now: ${PRO_CHECKOUT_URL}`
     );
     err.errorCategory = 'rate_limit';
     err.isRetryable = false;
@@ -119,7 +119,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.1.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.3.0' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -364,12 +364,14 @@ function buildEstimateUncertaintyResponse(args = {}) {
 
 async function callTool(name, args = {}) {
   assertToolAllowed(name, getActiveMcpProfile());
-  const firewallResult = (await evaluateGatesAsync(name, args)) || evaluateSecretGuard({ tool_name: name, tool_input: args });
-  if (firewallResult && firewallResult.decision === 'deny') {
-    const err = new Error(`Action blocked by Semantic Firewall: ${firewallResult.message}`);
-    err.errorCategory = 'permission';
-    err.isRetryable = false;
-    throw err;
+  if (name !== 'workflow_sentinel') {
+    const firewallResult = (await evaluateGatesAsync(name, args)) || evaluateSecretGuard({ tool_name: name, tool_input: args });
+    if (firewallResult && firewallResult.decision === 'deny') {
+      const err = new Error(`Action blocked by Semantic Firewall: ${firewallResult.message}`);
+      err.errorCategory = 'permission';
+      err.isRetryable = false;
+      throw err;
+    }
   }
   const startMs = Date.now();
   const result = await callToolInner(name, args);
@@ -628,6 +630,7 @@ async function callToolInner(name, args) {
         affectedFiles: Array.isArray(args.changedFiles) ? args.changedFiles : undefined,
         requirePrForReleaseSensitive: args.requirePrForReleaseSensitive === true,
         requireVersionNotBehindBase: args.requireVersionNotBehindBase === true,
+        governanceState: getScopeState(),
       }));
     case 'register_claim_gate':
       return toTextResult(registerClaimGate(args.claimPattern, args.requiredActions, args.message));

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.1.0",
+        "thumbgate@1.3.0",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -115,6 +115,7 @@ function telemetryPing(installId) {
     const req = mod.request(url, { method: 'POST', headers: { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(payload) }, timeout: 3000 }, () => {});
     req.on('error', () => {});
     req.on('timeout', () => { req.destroy(); });
+    req.on('socket', (s) => s.unref()); // fire-and-forget: never block process exit
     req.end(payload);
   } catch (_) { /* telemetry is best-effort */ }
 }
@@ -134,8 +135,8 @@ function proNudge(context) {
 function limitNudge(action) {
   if (process.env.THUMBGATE_NO_NUDGE === '1') return;
   process.stderr.write(
-    `\n  ⚠️  Free tier: ${action} daily limit reached.\n` +
-    `     Upgrade to Pro for unlimited usage — ${PRO_PRICE_LABEL}:\n` +
+    `\n  ⚠️  Free tier limit reached. Upgrade to Pro for unlimited: https://thumbgate-production.up.railway.app/pro\n` +
+    `     ${action} daily limit reached. Upgrade to Pro for unlimited usage — ${PRO_PRICE_LABEL}:\n` +
     `     ${PRO_CHECKOUT_URL}\n\n`
   );
 }
@@ -580,13 +581,12 @@ function init() {
   console.log('Run: npx thumbgate help');
   trackEvent('cli_init', { command: 'init' });
   proNudge();
-  process.stderr.write(
-    '\n  ┌──────────────────────────────────────────────────┐\n' +
-    '  │  Free: unlimited 👍👎 · 5 searches · 5 gates   │\n' +
-    '  │  Pro:  + dashboard + DPO export + full search   │\n' +
-    '  │        $19/mo → npx thumbgate pro      │\n' +
-    '  └──────────────────────────────────────────────────┘\n\n'
-  );
+  console.log('');
+  console.log('  ┌─────────────────────────────────────────────────────┐');
+  console.log('  │  Unlock unlimited captures, searches & dashboard:   │');
+  console.log('  │  https://thumbgate-production.up.railway.app/pro    │');
+  console.log('  │  Pro starts at $19/mo — 7-day free trial included   │');
+  console.log('  └─────────────────────────────────────────────────────┘');
 
   try {
     const { appendFunnelEvent } = require(path.join(PKG_ROOT, 'scripts', 'billing'));
@@ -663,7 +663,7 @@ function capture() {
       const pct = Math.round((capLimit.used / capLimit.limit) * 100);
       console.log(`  Usage       : ${capLimit.used}/${capLimit.limit} captures today (${pct}%)`);
       if (capLimit.remaining <= 1) {
-        console.log(`  ⚠️  Last capture for today. Upgrade to Pro for unlimited.`);
+        console.log(`  ⚠️  Free tier limit reached. Upgrade to Pro for unlimited: https://thumbgate-production.up.railway.app/pro`);
       }
     }
     console.log('');
@@ -892,7 +892,7 @@ function pro() {
 
   if (args.info) {
     printProInfo();
-    return;
+    process.exit(0);
   }
 
   const resolvedKey = resolveProKey();
@@ -901,6 +901,7 @@ function pro() {
   }
 
   printProInfo();
+  process.exit(0);
 }
 
 function summary() {
@@ -1232,6 +1233,10 @@ function cacheUpdate() {
 
 function statuslineRender() {
   syncActiveProjectContext();
+  try {
+    const { syncClaudeHistoryFeedback } = require(path.join(PKG_ROOT, 'scripts', 'claude-feedback-sync'));
+    syncClaudeHistoryFeedback();
+  } catch (_) { /* best-effort fallback sync */ }
   const payload = readStdinText();
   const output = execFileSync('bash', [path.join(PKG_ROOT, 'scripts', 'statusline.sh')], {
     encoding: 'utf8',
@@ -1283,6 +1288,10 @@ function hookAutoCapture() {
 
 function sessionStart() {
   syncActiveProjectContext();
+  try {
+    const { syncClaudeHistoryFeedback } = require(path.join(PKG_ROOT, 'scripts', 'claude-feedback-sync'));
+    syncClaudeHistoryFeedback();
+  } catch (_) { /* best-effort fallback sync */ }
   const { analyzeFeedback } = require(path.join(PKG_ROOT, 'scripts', 'feedback-loop'));
   const { refreshStatuslineCache } = require(path.join(PKG_ROOT, 'scripts', 'hook-thumbgate-cache-updater'));
   refreshStatuslineCache(analyzeFeedback());

package/config/github-about.json

@@ -2,7 +2,7 @@
   "repo": "IgorGanapolsky/ThumbGate",
   "repositoryUrl": "https://github.com/IgorGanapolsky/ThumbGate",
   "homepageUrl": "https://thumbgate-production.up.railway.app",
-  "description": "Pre-action gates for AI coding agents. 👎 Thumbs down → prevention rule → mistake permanently blocked. 👍 Thumbs up → pattern reinforced. History-aware lessons from your corrections. Team adds shared lessons and org visibility.",
+  "description": "Pre-action gates, a learned intervention policy, and workflow governance for self-improving AI coding agents. 👎 Thumbs down distills history-aware lessons from up to 8 prior entries and stays linked to a 60-second feedback session. 👍 Thumbs up reinforces safe patterns. Team adds shared lessons and org visibility.",
   "topics": [
     "thumbgate",
     "pre-action-gates",

package/config/model-tiers.json

@@ -22,6 +22,17 @@
         "tokenCap": 500000,
         "requireReason": true
       }
+    },
+    "localFrontier": {
+      "label": "GLM 5.1",
+      "taskTypes": [],
+      "maxContextTokens": 1000000,
+      "costMultiplier": 0.0,
+      "budgetDefaults": {
+        "tokenCap": 2000000,
+        "requireReason": false
+      },
+      "notes": "Self-hosted open-source tier. Activate via THUMBGATE_LOCAL_MODEL_FAMILY=glm-*. Zero marginal cost; no token budget enforcement needed."
     }
   },
   "escalationRules": {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "ThumbGate — Make your AI coding agent self-improving. Every mistake becomes a prevention rule that physically blocks the agent from repeating it. Feedback-driven enforcement via PreToolUse hooks, Thompson Sampling for adaptive gates, SQLite+FTS5 lesson DB, and LanceDB vector search. Your agent gets smarter with every session.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -32,6 +32,10 @@
   "scripts": {
     "postinstall": "node bin/postinstall.js || true",
     "start": "node src/api/server.js",
+    "changeset": "changeset",
+    "changeset:version": "changeset version && node scripts/sync-version.js",
+    "changeset:status": "changeset status",
+    "changeset:check": "node scripts/changeset-check.js",
     "build:claude-mcpb": "node scripts/build-claude-mcpb.js",
     "verify:quick": "node scripts/verify-run.js quick",
     "verify:full": "node scripts/verify-run.js full",
@@ -66,7 +70,7 @@
     "social:post-everywhere:dry": "node scripts/post-everywhere.js --dry-run",
     "social:reply-monitor": "node scripts/social-reply-monitor.js",
     "social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
-    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:lesson-retrieval && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets",
+    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:lesson-retrieval && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility",
     "test:feedback-fallback": "node --test tests/feedback-fallback.test.js",
     "test:metaclaw": "node --test tests/metaclaw-features.test.js",
     "test:server-lock": "node --test tests/server-stdio-lock.test.js",
@@ -74,7 +78,7 @@
     "test:multi-hop-recall": "node --test tests/multi-hop-recall.test.js",
     "test:synthetic-dpo": "node --test tests/synthetic-dpo.test.js",
     "test:thumbgate-skill": "node --test tests/thumbgate-skill.test.js",
-    "test:statusline": "node --test tests/statusline.test.js",
+    "test:statusline": "node --test tests/claude-feedback-sync.test.js tests/statusline.test.js tests/statusline-links.test.js",
     "test:memory-dedup": "node --test tests/memory-dedup.test.js",
     "test:lesson-db": "node --test tests/lesson-db.test.js",
     "test:lesson-rotation": "node --test tests/lesson-rotation.test.js",
@@ -117,7 +121,7 @@
     "test:loop": "node scripts/feedback-loop.js --test",
     "test:dpo": "node scripts/export-dpo-pairs.js --test",
     "test:kto": "node --test tests/export-kto.test.js",
-    "test:api": "node --test --test-concurrency=1 tests/api-server.test.js tests/api-auth-config.test.js tests/mcp-server.test.js tests/adapters.test.js tests/openapi-parity.test.js tests/budget-guard.test.js tests/contextfs.test.js tests/pack-templates.test.js tests/dashboard.test.js tests/dashboard-render-spec.test.js tests/dashboard-html.test.js tests/agent-readiness.test.js tests/mcp-policy.test.js tests/subagent-profiles.test.js tests/intent-router.test.js tests/internal-agent-bootstrap.test.js tests/job-api.test.js tests/lesson-search.test.js tests/thumbgate-search.test.js tests/rubric-engine.test.js tests/self-healing-check.test.js tests/self-heal.test.js tests/feedback-schema.test.js tests/thompson-sampling.test.js tests/feedback-sequences.test.js tests/diversity-tracking.test.js tests/vector-store.test.js tests/feedback-attribution.test.js tests/hybrid-feedback-context.test.js tests/loop-closure.test.js tests/code-reasoning.test.js tests/feedback-loop.test.js tests/feedback-inbox-read.test.js tests/feedback-to-memory.test.js tests/test-coverage.test.js tests/version-metadata.test.js tests/claude-mcpb.test.js tests/claude-codex-bridge.test.js tests/cursor-plugin.test.js tests/codex-plugin.test.js tests/telemetry-analytics.test.js tests/public-landing.test.js tests/pro-landing.test.js tests/local-model-profile.test.js tests/risk-scorer.test.js tests/context-compaction.test.js tests/reminder-engine.test.js tests/post-to-x.test.js tests/verification-loop.test.js tests/async-job-runner.test.js tests/commerce-quality.test.js tests/recall-limit.test.js tests/problem-detail.test.js tests/natural-language-harness.test.js tests/settings-hierarchy.test.js",
+    "test:api": "node --test --test-concurrency=1 tests/api-server.test.js tests/api-auth-config.test.js tests/mcp-server.test.js tests/adapters.test.js tests/openapi-parity.test.js tests/budget-guard.test.js tests/context-manager.test.js tests/contextfs.test.js tests/job-api.test.js tests/pack-templates.test.js tests/dashboard.test.js tests/dashboard-render-spec.test.js tests/dashboard-html.test.js tests/agent-readiness.test.js tests/mcp-policy.test.js tests/subagent-profiles.test.js tests/intent-router.test.js tests/internal-agent-bootstrap.test.js tests/lesson-search.test.js tests/thumbgate-search.test.js tests/rubric-engine.test.js tests/self-healing-check.test.js tests/self-heal.test.js tests/feedback-schema.test.js tests/thompson-sampling.test.js tests/feedback-sequences.test.js tests/diversity-tracking.test.js tests/vector-store.test.js tests/feedback-attribution.test.js tests/hybrid-feedback-context.test.js tests/loop-closure.test.js tests/code-reasoning.test.js tests/feedback-loop.test.js tests/feedback-inbox-read.test.js tests/feedback-to-memory.test.js tests/test-coverage.test.js tests/version-metadata.test.js tests/claude-mcpb.test.js tests/claude-codex-bridge.test.js tests/cursor-plugin.test.js tests/codex-plugin.test.js tests/telemetry-analytics.test.js tests/public-landing.test.js tests/lessons-page.test.js tests/pro-landing.test.js tests/local-model-profile.test.js tests/risk-scorer.test.js tests/context-compaction.test.js tests/reminder-engine.test.js tests/post-to-x.test.js tests/verification-loop.test.js tests/async-job-runner.test.js tests/commerce-quality.test.js tests/recall-limit.test.js tests/problem-detail.test.js tests/natural-language-harness.test.js tests/settings-hierarchy.test.js",
     "test:proof": "node --test tests/prove-adapters.test.js tests/prove-attribution.test.js tests/prove-cloudflare-sandbox.test.js tests/prove-data-quality.test.js tests/prove-intelligence.test.js tests/prove-lancedb.test.js tests/prove-loop-closure.test.js tests/prove-subway-upgrades.test.js tests/prove-training-export.test.js tests/prove-local-intelligence.test.js tests/prove-workflow-contract.test.js tests/prove-autoresearch.test.js tests/prove-claim-verification.test.js tests/prove-data-pipeline.test.js tests/prove-evolution.test.js tests/prove-harnesses.test.js tests/prove-runtime.test.js tests/prove-seo-gsd.test.js tests/prove-settings.test.js tests/prove-xmemory.test.js && node --test tests/prove-automation.test.js",
     "test:e2e": "node --test tests/e2e-pipeline.test.js tests/e2e-product-flows.test.js tests/e2e-coverage-contract.test.js",
     "test:rlaif": "node --test tests/rlaif-self-audit.test.js tests/dpo-optimizer.test.js tests/meta-policy.test.js",
@@ -125,17 +129,17 @@
     "test:quality": "node --test tests/validate-feedback.test.js",
     "test:intelligence": "node --test tests/intelligence.test.js",
     "test:training-export": "node --test tests/training-export.test.js tests/databricks-export.test.js",
-    "test:deployment": "node --test tests/deployment.test.js tests/deploy-policy.test.js tests/publish-decision.test.js",
+    "test:deployment": "node --test tests/deployment.test.js tests/deploy-policy.test.js tests/publish-decision.test.js tests/changeset-check.test.js tests/sonarcloud-workflow.test.js",
     "test:operational-integrity": "node --test tests/operational-integrity.test.js",
-    "test:workflow": "node --test tests/workflow-contract.test.js tests/social-marketing-assets.test.js tests/social-pipeline.test.js tests/positioning-contract.test.js tests/workflow-runs.test.js tests/workflow-sprint-intake.test.js tests/gtm-revenue-loop.test.js",
+    "test:workflow": "node --test tests/workflow-contract.test.js tests/social-marketing-assets.test.js tests/social-pipeline.test.js tests/positioning-contract.test.js tests/workflow-runs.test.js tests/workflow-sprint-intake.test.js tests/gtm-revenue-loop.test.js tests/enterprise-story.test.js",
     "test:billing": "node --test tests/billing.test.js",
-    "test:cli": "node --test tests/analytics-report.test.js tests/creator-campaigns.test.js tests/cli.test.js tests/codex-bridge-script.test.js tests/dispatch-brief.test.js tests/feedback-normalize.test.js tests/install-mcp.test.js tests/pr-manager.test.js tests/pro-local-dashboard.test.js tests/revenue-status.test.js",
+    "test:cli": "node --test tests/analytics-report.test.js tests/creator-campaigns.test.js tests/cli.test.js tests/codex-bridge-script.test.js tests/dispatch-brief.test.js tests/feedback-normalize.test.js tests/install-mcp.test.js tests/pr-manager.test.js tests/pro-local-dashboard.test.js tests/published-cli.test.js tests/revenue-status.test.js",
     "test:evolution": "node --test tests/workspace-evolver.test.js",
     "test:watcher": "node --test tests/jsonl-watcher.test.js",
     "test:autoresearch": "node --test tests/autoresearch.test.js",
-    "test:ops": "node --test tests/adk-consolidator.test.js tests/anthropic-partner-strategy.test.js tests/auto-promote-gates.test.js tests/auto-wire-hooks.test.js tests/claude-skill.test.js tests/codegraph-context.test.js tests/commercial-signals.test.js tests/delegation-runtime.test.js tests/disagreement-mining.test.js tests/failure-diagnostics.test.js tests/gate-stats.test.js tests/github-billing.test.js tests/markdown-escape.test.js tests/mcp-tools-gates.test.js tests/project-bayes-e2e.test.js tests/project-bayes.test.js tests/rate-limiter.test.js tests/schedule-manager.test.js tests/session-handoff.test.js tests/skill-generator.test.js tests/smart-learning.test.js tests/spike-and-sink.test.js tests/stripe-webhook-route.test.js tests/train-from-feedback.test.js tests/workflow-hardening-sprint.test.js tests/test-suite-parity.test.js tests/a2ui-engine.test.js tests/webhook-delivery.test.js",
+    "test:ops": "node --test tests/adk-consolidator.test.js tests/anthropic-partner-strategy.test.js tests/auto-promote-gates.test.js tests/auto-wire-hooks.test.js tests/claude-skill.test.js tests/codegraph-context.test.js tests/commercial-signals.test.js tests/delegation-runtime.test.js tests/disagreement-mining.test.js tests/failure-diagnostics.test.js tests/gate-stats.test.js tests/github-billing.test.js tests/intervention-policy.test.js tests/markdown-escape.test.js tests/mcp-tools-gates.test.js tests/project-bayes-e2e.test.js tests/project-bayes.test.js tests/rate-limiter.test.js tests/schedule-manager.test.js tests/session-handoff.test.js tests/skill-generator.test.js tests/smart-learning.test.js tests/spike-and-sink.test.js tests/stripe-webhook-route.test.js tests/train-from-feedback.test.js tests/workflow-hardening-sprint.test.js tests/workflow-sentinel.test.js tests/test-suite-parity.test.js tests/a2ui-engine.test.js tests/webhook-delivery.test.js",
     "test:tessl": "node --test tests/tessl-export.test.js",
-    "test:gates": "node --test tests/gate-templates.test.js tests/gates-engine.test.js tests/claim-verification.test.js tests/secret-scanner.test.js tests/prompt-guard.test.js tests/audit-trail.test.js tests/profile-router.test.js tests/workflow-sentinel.test.js",
+    "test:gates": "node --test tests/gate-templates.test.js tests/gates-engine.test.js tests/claim-verification.test.js tests/secret-scanner.test.js tests/prompt-guard.test.js tests/audit-trail.test.js tests/profile-router.test.js tests/workflow-sentinel.test.js tests/docker-sandbox-planner.test.js",
     "test:workers": "npm --prefix workers ci && npm --prefix workers test",
     "test:evoskill": "node --test tests/evoskill.test.js",
     "test:gates-hardening": "node --test tests/gates-hardening.test.js",
@@ -172,6 +176,7 @@
     "prove:harnesses": "node scripts/prove-harnesses.js",
     "prove:local-intelligence": "node scripts/prove-local-intelligence.js",
     "prove:runtime": "node scripts/prove-runtime.js",
+    "prove:packaged-runtime": "node scripts/prove-packaged-runtime.js",
     "prove:settings": "node scripts/prove-settings.js",
     "prove:seo-gsd": "node scripts/prove-seo-gsd.js",
     "prove:tessl": "node scripts/prove-tessl.js",
@@ -236,7 +241,8 @@
     "test:social-reply-monitor": "node --test tests/social-reply-monitor.test.js",
     "test:sync-launch-assets": "node --test tests/sync-launch-assets.test.js",
     "test:reddit-publisher": "node --test tests/reddit-publisher.test.js",
-    "test:engagement-audit": "node --test tests/engagement-audit.test.js"
+    "test:engagement-audit": "node --test tests/engagement-audit.test.js",
+    "test:ai-search-visibility": "node --test tests/ai-search-visibility.test.js"
   },
   "keywords": [
     "mcp",
@@ -298,5 +304,10 @@
       "path-to-regexp": "0.1.13"
     }
   },
-  "mcpName": "io.github.IgorGanapolsky/thumbgate"
+  "mcpName": "io.github.IgorGanapolsky/thumbgate",
+  "devDependencies": {
+    "@changesets/changelog-github": "^0.5.1",
+    "@changesets/cli": "^2.30.0",
+    "c8": "^11.0.0"
+  }
 }

package/plugins/claude-codex-bridge/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-bridge",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "Run Codex review, adversarial review, and second-pass handoffs from Claude Code while keeping ThumbGate reliability memory in the loop.",
   "author": {
     "name": "Igor Ganapolsky",

package/plugins/claude-codex-bridge/.mcp.json

@@ -5,7 +5,7 @@
       "args": [
         "--yes",
         "--package",
-        "thumbgate@1.1.0",
+        "thumbgate@1.3.0",
         "thumbgate",
         "serve"
       ]

package/plugins/codex-profile/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-profile",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "description": "ThumbGate for Codex: pre-action gates, skill packs, hallucination detection, PII scanning, progressive disclosure (82% token savings), and MCP-backed reliability memory.",
   "author": {
     "name": "Igor Ganapolsky",

package/plugins/codex-profile/.mcp.json

@@ -5,7 +5,7 @@
       "args": [
         "--yes",
         "--package",
-        "thumbgate@1.1.0",
+        "thumbgate@1.3.0",
         "thumbgate",
         "serve"
       ]

package/plugins/codex-profile/INSTALL.md

@@ -31,7 +31,7 @@ The following block is appended to `~/.codex/config.toml`:
 ```toml
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.1.0", "thumbgate", "serve"]
+args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
 ```
 
 The repo-local Codex app plugin ships the same runtime path through `plugins/codex-profile/.mcp.json`, so the manual config and plugin metadata stay aligned.

package/plugins/codex-profile/README.md

@@ -29,7 +29,7 @@ That profile launches:
 ```toml
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.1.0", "thumbgate", "serve"]
+args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
 ```
 
 ## Why this exists

package/plugins/cursor-marketplace/.cursor-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "thumbgate",
   "displayName": "ThumbGate",
   "description": "👍👎 Thumbs down a mistake — your AI agent won't repeat it. Thumbs up good work — it remembers the pattern.",
-  "version": "1.1.0",
+  "version": "1.3.0",
   "author": {
     "name": "Igor Ganapolsky"
   },