thumbgate 1.13.0 → 1.14.0

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.13.0",
+  "version": "1.14.0",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -13,7 +13,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.13.0",
+      "version": "1.14.0",
       "author": {
         "name": "Igor Ganapolsky"
       },

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "Type 👍 or 👎 on any agent action. ThumbGate captures it, distills a lesson, and blocks the pattern from repeating. One thumbs-down = the agent physically cannot make that mistake again. 33 pre-action gates, budget enforcement, self-protection, and NIST/SOC2 compliance tags.",
-  "version": "1.13.0",
+  "version": "1.14.0",
   "author": {
     "name": "Igor Ganapolsky"
   },

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.13.0",
+  "version": "1.14.0",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "transport": "stdio",

package/adapters/README.md

@@ -3,7 +3,7 @@
 - `chatgpt/openapi.yaml`: import into GPT Actions.
 - `gemini/function-declarations.json`: Gemini function-calling definitions.
 - `mcp/server-stdio.js`: underlying local MCP stdio server implementation.
-- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.13.0 thumbgate serve`.
+- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.14.0 thumbgate serve`.
 - `codex/config.toml`: example Codex MCP profile section using the same version-pinned portable launcher.
 - `amp/skills/thumbgate-feedback/SKILL.md`: Amp skill template.
 - `opencode/opencode.json`: portable OpenCode MCP profile using the same version-pinned portable launcher.

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.13.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.14.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.13.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.14.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -132,6 +132,10 @@ const {
 const { exportHfDataset } = require('../../scripts/export-hf-dataset');
 const { distributeContextToAgents } = require('../../scripts/swarm-coordinator');
 const { buildSessionReport } = require('../../scripts/session-report');
+const {
+  generateOperatorArtifact,
+  formatArtifactMarkdown,
+} = require('../../scripts/operator-artifacts');
 
 const PRO_CHECKOUT_URL = 'https://thumbgate-production.up.railway.app/checkout/pro';
 
@@ -153,7 +157,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.13.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.14.0' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -802,6 +806,16 @@ async function callToolInner(name, args) {
       }));
     case 'session_report':
       return toTextResult(buildSessionReport({ windowHours: args.windowHours }));
+    case 'generate_operator_artifact': {
+      const artifact = await generateOperatorArtifact({
+        type: args.type,
+        windowHours: args.windowHours,
+      });
+      if (args.format === 'markdown') {
+        return toTextResult(formatArtifactMarkdown(artifact));
+      }
+      return toTextResult(artifact);
+    }
     case 'check_operational_integrity':
       return toTextResult(evaluateOperationalIntegrity({
         repoPath: args.repoPath,

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.13.0",
+        "thumbgate@1.14.0",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -1670,6 +1670,32 @@ function dashboard() {
     });
 }
 
+function artifacts() {
+  const argv = process.argv.slice(3);
+  const args = parseArgs(argv);
+  const positionalType = argv.find((arg) => !arg.startsWith('--'));
+  const {
+    generateOperatorArtifact,
+    formatArtifactMarkdown,
+  } = require(path.join(PKG_ROOT, 'scripts', 'operator-artifacts'));
+
+  generateOperatorArtifact({
+    type: args.type || positionalType || 'reliability-pulse',
+    windowHours: args['window-hours'] || args.window,
+  })
+    .then((artifact) => {
+      if (args.json) {
+        console.log(JSON.stringify(artifact, null, 2));
+        return;
+      }
+      process.stdout.write(formatArtifactMarkdown(artifact));
+    })
+    .catch((err) => {
+      console.error(err && err.message ? err.message : err);
+      process.exit(1);
+    });
+}
+
 function gateStats() {
   const args = parseArgs(process.argv.slice(3));
   const { calculateStats, formatStats } = require(path.join(PKG_ROOT, 'scripts', 'gate-stats'));
@@ -2088,6 +2114,10 @@ switch (COMMAND) {
   case 'dashboard':
     dashboard();
     break;
+  case 'artifact':
+  case 'artifacts':
+    artifacts();
+    break;
   case 'analytics': {
     const { run: runAnalytics } = require(path.join(PKG_ROOT, 'scripts', 'analytics-report'));
     runAnalytics();

package/config/mcp-allowlists.json

@@ -58,6 +58,7 @@
       "require_evidence_for_claim",
       "distribute_context_to_agents",
       "session_report",
+      "generate_operator_artifact",
       "perplexity_search",
       "perplexity_ask",
       "perplexity_research",
@@ -91,7 +92,8 @@
       "estimate_uncertainty",
       "report_product_issue",
       "require_evidence_for_claim",
-      "session_report"
+      "session_report",
+      "generate_operator_artifact"
     ],
     "commerce": [
       "capture_feedback",
@@ -143,6 +145,7 @@
       "describe_reliability_entity",
       "require_evidence_for_claim",
       "session_report",
+      "generate_operator_artifact",
       "perplexity_search",
       "perplexity_ask"
     ],
@@ -176,6 +179,7 @@
       "describe_reliability_entity",
       "require_evidence_for_claim",
       "session_report",
+      "generate_operator_artifact",
       "perplexity_search",
       "perplexity_ask"
     ],
@@ -194,7 +198,8 @@
       "verify_claim",
       "check_operational_integrity",
       "workflow_sentinel",
-      "settings_status"
+      "settings_status",
+      "generate_operator_artifact"
     ]
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.13.0",
+  "version": "1.14.0",
   "description": "Self-improving agent governance: type thumbs-up or thumbs-down on any AI agent action. ThumbGate turns every mistake into a prevention rule and blocks the pattern from repeating. One thumbs-down, never again. 33 pre-action gates, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -148,11 +148,13 @@
     "scripts/operational-dashboard.js",
     "scripts/operational-integrity.js",
     "scripts/operational-summary.js",
+    "scripts/operator-artifacts.js",
     "scripts/optimize-context.js",
     "scripts/org-dashboard.js",
     "scripts/partner-orchestration.js",
     "scripts/perplexity-client.js",
     "scripts/predictive-insights.js",
+    "scripts/pr-manager.js",
     "scripts/pro-local-dashboard.js",
     "scripts/problem-detail.js",
     "scripts/product-feedback.js",
@@ -263,7 +265,7 @@
     "trace:eval": "node scripts/decision-trace.js eval",
     "social:reply-monitor": "node scripts/social-reply-monitor.js",
     "social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
-    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:zernio-canonical-pollers && npm run test:zernio-status && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:require-evidence-gate",
+    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:zernio-canonical-pollers && npm run test:zernio-status && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:require-evidence-gate",
     "test:swarm-coordinator": "node --test tests/swarm-coordinator.test.js",
     "test:session-report": "node --test tests/session-report.test.js",
     "test:require-evidence-gate": "node --test tests/require-evidence-gate.test.js",
@@ -294,6 +296,7 @@
     "test:belief-update": "node --test tests/belief-update.test.js",
     "test:hosted-config": "node --test tests/hosted-config.test.js",
     "test:operational-summary": "node --test tests/operational-summary.test.js",
+    "test:operator-artifacts": "node --test tests/operator-artifacts.test.js",
     "test:operator-key-auth": "node --test tests/api-operator-key-auth.test.js",
     "test:cloudflare-sandbox": "node --test tests/cloudflare-dynamic-sandbox.test.js tests/cloudflare-sandbox-api.test.js",
     "test:mcp-config": "node --test tests/mcp-config.test.js",

package/public/index.html

@@ -974,7 +974,7 @@ __GA_BOOTSTRAP__
 <!-- HOW IT WORKS -->
 <section class="how-it-works" id="how-it-works">
   <div class="container">
-    <div class="section-label">New in v1.13.0</div>
+    <div class="section-label">New in v1.14.0</div>
     <h2 class="section-title">Three steps to stop repeated AI failures</h2>
     <div class="steps">
       <div class="step">
@@ -1330,7 +1330,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.13.0</span>
+    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.14.0</span>
   </div>
 </footer>
 

package/scripts/cli-schema.js

@@ -77,6 +77,18 @@ const CLI_COMMANDS = [
       { name: 'json', type: 'boolean', description: 'Output as JSON' },
     ],
   },
+  {
+    name: 'artifacts',
+    aliases: ['artifact'],
+    description: 'Operator decision artifacts - PR, reliability, revenue, and release pulses',
+    group: 'discovery',
+    mcpTool: 'generate_operator_artifact',
+    flags: [
+      { name: 'type', type: 'string', description: 'pr-pulse | reliability-pulse | revenue-pulse | release-readiness' },
+      { name: 'window-hours', type: 'number', description: 'Lookback window in hours (default 24)' },
+      { name: 'json', type: 'boolean', description: 'Output as JSON' },
+    ],
+  },
   {
     name: 'summary',
     description: 'Human-readable feedback summary',

package/scripts/operator-artifacts.js

@@ -0,0 +1,608 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const DEFAULT_WINDOW_HOURS = 24;
+const MAX_WINDOW_HOURS = 24 * 30;
+const ARTIFACT_TYPES = [
+  'pr-pulse',
+  'reliability-pulse',
+  'revenue-pulse',
+  'release-readiness',
+];
+
+function normalizeWindowHours(value) {
+  if (value === null || value === undefined || value === '') return DEFAULT_WINDOW_HOURS;
+  const parsed = Number(value);
+  if (!Number.isFinite(parsed)) return DEFAULT_WINDOW_HOURS;
+  if (parsed < 1) return 1;
+  if (parsed > MAX_WINDOW_HOURS) return MAX_WINDOW_HOURS;
+  return Math.floor(parsed);
+}
+
+function normalizeArtifactType(type) {
+  const normalized = String(type || 'reliability-pulse').trim().toLowerCase();
+  const aliases = {
+    pr: 'pr-pulse',
+    prs: 'pr-pulse',
+    pull_requests: 'pr-pulse',
+    pullrequests: 'pr-pulse',
+    reliability: 'reliability-pulse',
+    gates: 'reliability-pulse',
+    revenue: 'revenue-pulse',
+    growth: 'revenue-pulse',
+    acquisition: 'revenue-pulse',
+    release: 'release-readiness',
+    readiness: 'release-readiness',
+  };
+  const resolved = aliases[normalized] || normalized;
+  if (!ARTIFACT_TYPES.includes(resolved)) {
+    throw new Error(`Unknown operator artifact type: ${type}`);
+  }
+  return resolved;
+}
+
+function safeNumber(value, fallback = 0) {
+  const parsed = Number(value);
+  return Number.isFinite(parsed) ? parsed : fallback;
+}
+
+function getPath(source, parts, fallback = undefined) {
+  let cursor = source;
+  for (const part of parts) {
+    if (!cursor || typeof cursor !== 'object' || !(part in cursor)) return fallback;
+    cursor = cursor[part];
+  }
+  return cursor === undefined ? fallback : cursor;
+}
+
+function formatCurrency(cents) {
+  return `$${(safeNumber(cents) / 100).toFixed(2)}`;
+}
+
+function compactList(items, limit = 5) {
+  return (Array.isArray(items) ? items : []).filter(Boolean).slice(0, limit);
+}
+
+function getErrorMessage(error) {
+  return String(error?.message || error);
+}
+
+function artifactBase(type, options = {}) {
+  const generatedAt = options.now instanceof Date
+    ? options.now.toISOString()
+    : options.now || new Date().toISOString();
+  return {
+    schemaVersion: 1,
+    type,
+    generatedAt,
+    windowHours: normalizeWindowHours(options.windowHours),
+    status: 'watch',
+    summary: '',
+    decision: {
+      label: 'Review',
+      rationale: '',
+      nextActions: [],
+    },
+    metrics: {},
+    sections: [],
+    evidence: [],
+  };
+}
+
+function buildEvidence(label, value, extra = {}) {
+  return {
+    label,
+    value: value === undefined || value === null ? 'unknown' : value,
+    ...extra,
+  };
+}
+
+function buildReliabilityPulseArtifact(options = {}) {
+  const type = 'reliability-pulse';
+  const artifact = artifactBase(type, options);
+  const dashboard = options.dashboardData || {};
+  const session = options.sessionReport || {};
+  const gateStats = dashboard.gateStats || {};
+  const health = dashboard.health || {};
+  const diagnostics = dashboard.diagnostics || {};
+  const reviewDelta = dashboard.reviewDelta || {};
+  const lessonPipeline = dashboard.lessonPipeline || {};
+
+  const blocked = safeNumber(gateStats.blocked, safeNumber(getPath(session, ['gates', 'blocked'])));
+  const warned = safeNumber(gateStats.warned, safeNumber(getPath(session, ['gates', 'warned'])));
+  const feedbackCount = safeNumber(health.feedbackCount);
+  const memoryCount = safeNumber(health.memoryCount);
+  const negativeAdded = safeNumber(reviewDelta.negativeAdded);
+  const staleLessons = safeNumber(lessonPipeline.staleLessons);
+  const topDiagnostic = getPath(diagnostics, ['categories', 0, 'key'], null);
+
+  artifact.title = 'Reliability Pulse';
+  artifact.metrics = {
+    blocked,
+    warned,
+    feedbackCount,
+    memoryCount,
+    negativeAdded,
+    staleLessons,
+  };
+
+  if (negativeAdded > 0 || staleLessons > 0 || blocked > 0) {
+    artifact.status = 'actionable';
+    artifact.decision.label = 'Regenerate and inspect gates';
+    artifact.decision.rationale = 'Recent negative signal or gate activity means the prevention layer has learnable work to absorb.';
+    artifact.decision.nextActions = compactList([
+      negativeAdded > 0 ? `Promote ${negativeAdded} new negative signal(s) into prevention rules.` : null,
+      staleLessons > 0 ? `Review ${staleLessons} stale lesson(s) before they age out of useful recall.` : null,
+      blocked > 0 ? `Inspect the top blocked gate path before the next risky operation.` : null,
+      topDiagnostic ? `Address top diagnostic category: ${topDiagnostic}.` : null,
+    ], 4);
+  } else {
+    artifact.status = 'healthy';
+    artifact.decision.label = 'Keep shipping';
+    artifact.decision.rationale = 'No fresh reliability pressure is visible in the current window.';
+    artifact.decision.nextActions = ['Keep the Reliability Gateway enabled during PR and release work.'];
+  }
+
+  artifact.summary = `${blocked} blocked, ${warned} warned, ${feedbackCount} feedback events, ${memoryCount} memories.`;
+  artifact.sections = [
+    {
+      title: 'Gate Load',
+      bullets: [
+        `${blocked} blocked actions`,
+        `${warned} warnings`,
+        `${safeNumber(getPath(session, ['gates', 'pendingApproval']))} pending approvals`,
+      ],
+    },
+    {
+      title: 'Learning Queue',
+      bullets: compactList([
+        `${negativeAdded} new negative signal(s)`,
+        `${staleLessons} stale lesson(s)`,
+        topDiagnostic ? `Top diagnostic: ${topDiagnostic}` : null,
+      ]),
+    },
+  ];
+  artifact.evidence = [
+    buildEvidence('dashboard.health.feedbackCount', feedbackCount),
+    buildEvidence('dashboard.gateStats.blocked', blocked),
+    buildEvidence('session_report.windowHours', artifact.windowHours),
+  ];
+  return artifact;
+}
+
+function buildRevenuePulseArtifact(options = {}) {
+  const type = 'revenue-pulse';
+  const artifact = artifactBase(type, options);
+  const dashboard = options.dashboardData || {};
+  const analytics = dashboard.analytics || {};
+  const funnel = analytics.funnel || {};
+  const revenue = analytics.revenue || {};
+  const seo = analytics.seo || {};
+  const attribution = analytics.attribution || {};
+
+  const visitors = safeNumber(funnel.visitors);
+  const ctaClicks = safeNumber(funnel.ctaClicks);
+  const checkoutStarts = safeNumber(funnel.checkoutStarts);
+  const acquisitionLeads = safeNumber(funnel.acquisitionLeads);
+  const paidOrders = safeNumber(revenue.paidOrders, safeNumber(funnel.paidOrders));
+  const bookedRevenueCents = safeNumber(revenue.bookedRevenueCents);
+  const topTrafficChannel = funnel.topTrafficChannel || getPath(seo, ['topSurface', 'key'], null);
+  const topPaidSource = Object.entries(attribution.paidBySource || {})
+    .sort((a, b) => safeNumber(b[1]) - safeNumber(a[1]))[0];
+
+  artifact.title = 'Revenue Pulse';
+  artifact.metrics = {
+    visitors,
+    ctaClicks,
+    checkoutStarts,
+    acquisitionLeads,
+    paidOrders,
+    bookedRevenueCents,
+    bookedRevenue: formatCurrency(bookedRevenueCents),
+    visitorToPaidRate: safeNumber(funnel.visitorToPaidRate),
+  };
+
+  if (paidOrders > 0) {
+    artifact.status = 'actionable';
+    artifact.decision.label = 'Double down on converting source';
+    artifact.decision.rationale = 'Revenue is visible; the highest-ROI move is to reuse the source and copy that already converted.';
+    artifact.decision.nextActions = compactList([
+      topPaidSource ? `Create another offer using the paid source: ${topPaidSource[0]}.` : null,
+      topTrafficChannel ? `Fan out the winning acquisition angle on ${topTrafficChannel}.` : null,
+      'Keep checkout proof and pricing copy unchanged until the next conversion batch is measured.',
+    ], 3);
+  } else if (checkoutStarts > 0 || ctaClicks > 0) {
+    artifact.status = 'blocked';
+    artifact.decision.label = 'Fix checkout conversion';
+    artifact.decision.rationale = 'Intent exists, but the journey is not turning into paid orders.';
+    artifact.decision.nextActions = compactList([
+      `${checkoutStarts} checkout start(s) and ${ctaClicks} CTA click(s) need buyer-loss review.`,
+      'Audit checkout redirects, pricing objections, and proof placement before adding more traffic.',
+      topTrafficChannel ? `Inspect source-specific copy for ${topTrafficChannel}.` : null,
+    ], 4);
+  } else {
+    artifact.status = 'actionable';
+    artifact.decision.label = 'Create more acquisition surface';
+    artifact.decision.rationale = 'No paid orders or checkout intent are visible, so traffic and discovery injection beat infrastructure work.';
+    artifact.decision.nextActions = compactList([
+      'Publish one high-intent ThumbGate proof chunk with DPO, Pre-Action Gates, and Reliability Gateway terms.',
+      'Add one outreach or community distribution action tied to the latest verification evidence.',
+      topTrafficChannel ? `Reuse current top channel: ${topTrafficChannel}.` : 'Seed a first measurable traffic channel.',
+    ], 3);
+  }
+
+  artifact.summary = `${paidOrders} paid order(s), ${formatCurrency(bookedRevenueCents)} booked, ${visitors} visitors, ${checkoutStarts} checkout starts.`;
+  artifact.sections = [
+    {
+      title: 'Funnel',
+      bullets: [
+        `${visitors} visitors`,
+        `${ctaClicks} CTA clicks`,
+        `${checkoutStarts} checkout starts`,
+        `${paidOrders} paid orders`,
+      ],
+    },
+    {
+      title: 'Acquisition',
+      bullets: compactList([
+        topTrafficChannel ? `Top traffic channel: ${topTrafficChannel}` : 'No top traffic channel yet',
+        `${safeNumber(seo.landingViews)} SEO landing views`,
+        `${acquisitionLeads} acquisition leads`,
+      ]),
+    },
+  ];
+  artifact.evidence = [
+    buildEvidence('analytics.revenue.paidOrders', paidOrders),
+    buildEvidence('analytics.revenue.bookedRevenueCents', bookedRevenueCents),
+    buildEvidence('analytics.funnel.checkoutStarts', checkoutStarts),
+  ];
+  return artifact;
+}
+
+function classifyPr(pr, checks) {
+  const { summarizeChecks } = require('./pr-manager');
+  const summary = summarizeChecks(checks || []);
+  const mergeState = String(pr.mergeStateStatus || 'UNKNOWN').toUpperCase();
+  const mergeable = String(pr.mergeable || 'UNKNOWN').toUpperCase();
+  const reviewDecision = String(pr.reviewDecision || '').toUpperCase();
+  if (pr.isDraft) return { state: 'draft', blockers: ['draft'] };
+  if (mergeState === 'BEHIND') return { state: 'blocked', blockers: ['BEHIND'] };
+  if (mergeState === 'DIRTY' || mergeable === 'CONFLICTING') {
+    return { state: 'blocked', blockers: ['conflicts'] };
+  }
+  if (summary.failing.length > 0) return { state: 'blocked', blockers: summary.failing };
+  if (summary.pending.length > 0) return { state: 'pending', blockers: summary.pending };
+  if (reviewDecision === 'CHANGES_REQUESTED') {
+    return { state: 'blocked', blockers: ['changes_requested'] };
+  }
+  if (reviewDecision === 'REVIEW_REQUIRED') {
+    return { state: 'blocked', blockers: ['review_required'] };
+  }
+  if (['CLEAN', 'HAS_HOOKS'].includes(mergeState) && ['MERGEABLE', 'UNKNOWN'].includes(mergeable)) {
+    return { state: 'ready', blockers: [] };
+  }
+  return { state: 'pending', blockers: [pr.mergeStateStatus || 'unknown_state'] };
+}
+
+function createPrRow(pr, checks, classification) {
+  return {
+    number: pr.number,
+    title: pr.title,
+    url: pr.url,
+    draft: Boolean(pr.isDraft),
+    mergeStateStatus: pr.mergeStateStatus || null,
+    reviewDecision: pr.reviewDecision || null,
+    state: classification.state,
+    blockers: classification.blockers,
+    checkCount: checks.length,
+  };
+}
+
+function groupPrRows(rows) {
+  return {
+    ready: rows.filter((row) => row.state === 'ready'),
+    blocked: rows.filter((row) => row.state === 'blocked'),
+    pending: rows.filter((row) => row.state === 'pending'),
+    drafts: rows.filter((row) => row.state === 'draft'),
+  };
+}
+
+function getPrPulseStatus(groups) {
+  if (groups.blocked.length > 0) return 'blocked';
+  if (groups.ready.length > 0) return 'actionable';
+  if (groups.pending.length > 0) return 'watch';
+  return 'healthy';
+}
+
+function getPrPulseDecision(groups) {
+  if (groups.ready.length > 0) {
+    return {
+      label: 'Submit ready PRs through protected merge path',
+      rationale: 'Terminal checks and merge state are clean for at least one open PR.',
+    };
+  }
+  if (groups.blocked.length > 0) {
+    return {
+      label: 'Fix PR blockers',
+      rationale: 'One or more PRs have failing checks, draft state, or merge-state blockers.',
+    };
+  }
+  if (groups.pending.length > 0) {
+    return {
+      label: 'Wait for terminal checks',
+      rationale: 'Checks are still running; merging now would violate the protected path.',
+    };
+  }
+  return {
+    label: 'No PR action',
+    rationale: 'No open PRs require operator action.',
+  };
+}
+
+function formatPrNumbers(rows) {
+  return rows.map((row) => `#${row.number}`).join(', ');
+}
+
+function formatBlockedPrs(rows) {
+  return rows.map((row) => {
+    const blocker = row.blockers[0] || 'blocked';
+    return `#${row.number} (${blocker})`;
+  }).join(', ');
+}
+
+function buildPrNextActions(groups) {
+  return compactList([
+    groups.ready.length > 0 ? `Run npm run pr:manage for PR(s): ${formatPrNumbers(groups.ready)}.` : null,
+    groups.blocked.length > 0 ? `Unblock PR(s): ${formatBlockedPrs(groups.blocked)}.` : null,
+    groups.pending.length > 0 ? `Recheck pending PR(s): ${formatPrNumbers(groups.pending)}.` : null,
+    groups.drafts.length > 0 ? `Leave draft PR(s) alone until marked ready: ${formatPrNumbers(groups.drafts)}.` : null,
+  ], 4);
+}
+
+async function buildPrPulseArtifact(options = {}) {
+  const type = 'pr-pulse';
+  const artifact = artifactBase(type, options);
+  artifact.title = 'PR Pulse';
+
+  const prClient = options.prClient || require('./pr-manager');
+  const prs = Array.isArray(options.prs) ? options.prs : await prClient.listOpenPrs();
+  const checksByPr = options.checksByPr || {};
+  const rows = [];
+
+  for (const pr of prs) {
+    const number = pr.number;
+    let checks = checksByPr[number];
+    let checkError = null;
+    if (!Array.isArray(checks)) {
+      try {
+        checks = await prClient.getPrChecks(number);
+      } catch (err) {
+        checks = [];
+        checkError = getErrorMessage(err);
+      }
+    }
+    const classification = checkError
+      ? { state: 'blocked', blockers: [checkError] }
+      : classifyPr(pr, checks);
+    rows.push(createPrRow(pr, checks, classification));
+  }
+
+  const groups = groupPrRows(rows);
+  const decision = getPrPulseDecision(groups);
+
+  artifact.metrics = {
+    open: rows.length,
+    ready: groups.ready.length,
+    blocked: groups.blocked.length,
+    pending: groups.pending.length,
+    draft: groups.drafts.length,
+  };
+  artifact.status = getPrPulseStatus(groups);
+  artifact.summary = `${rows.length} open PR(s): ${groups.ready.length} ready, ${groups.blocked.length} blocked, ${groups.pending.length} pending, ${groups.drafts.length} draft.`;
+  artifact.decision.label = decision.label;
+  artifact.decision.rationale = decision.rationale;
+  artifact.decision.nextActions = buildPrNextActions(groups);
+  artifact.sections = [
+    {
+      title: 'Open PRs',
+      bullets: rows.map((row) => `#${row.number} ${row.state}: ${row.title || 'untitled'}`),
+      data: rows,
+    },
+  ];
+  artifact.evidence = [
+    buildEvidence('openPrs', rows.length),
+    buildEvidence('readyPrs', formatPrNumbers(groups.ready) || 'none'),
+    buildEvidence('blockedPrs', formatPrNumbers(groups.blocked) || 'none'),
+  ];
+  return artifact;
+}
+
+function buildReleaseReadinessArtifact(options = {}) {
+  const type = 'release-readiness';
+  const artifact = artifactBase(type, options);
+  const dashboard = options.dashboardData || {};
+  const packageInfo = options.packageInfo || readPackageInfo(options.packageRoot);
+  const health = dashboard.health || {};
+  const readiness = dashboard.readiness || {};
+  const gateAudit = dashboard.gateAudit || {};
+
+  const feedbackCount = safeNumber(health.feedbackCount);
+  const gateCount = safeNumber(health.gateCount);
+  const gateConfigLoaded = health.gateConfigLoaded !== false;
+  const warnings = Array.isArray(readiness.warnings) ? readiness.warnings : [];
+  const auditWarnings = safeNumber(gateAudit.warnings);
+  const version = packageInfo.version || 'unknown';
+
+  artifact.title = 'Release Readiness';
+  artifact.metrics = {
+    version,
+    feedbackCount,
+    gateCount,
+    gateConfigLoaded,
+    readinessWarnings: warnings.length,
+    gateAuditWarnings: auditWarnings,
+  };
+
+  if (!gateConfigLoaded || warnings.length > 0 || auditWarnings > 0) {
+    artifact.status = 'blocked';
+    artifact.decision.label = 'Hold release until readiness blockers are cleared';
+    artifact.decision.rationale = 'Release work needs a loaded gate config and no unresolved readiness warnings.';
+    artifact.decision.nextActions = compactList([
+      gateConfigLoaded ? null : 'Restore the gate config before release work.',
+      warnings[0] ? `Resolve readiness warning: ${warnings[0]}` : null,
+      auditWarnings > 0 ? `Clear ${auditWarnings} gate audit warning(s).` : null,
+      'Run the clean-worktree verification suite before publishing.',
+    ], 4);
+  } else {
+    artifact.status = 'actionable';
+    artifact.decision.label = 'Verify in a clean worktree';
+    artifact.decision.rationale = 'Local readiness inputs look sane; the next gate is exact-commit verification.';
+    artifact.decision.nextActions = [
+      'Run npm ci in a dedicated clean verification worktree.',
+      'Run npm test, npm run test:coverage, npm run prove:adapters, npm run prove:automation, and npm run self-heal:check.',
+      'Submit release PRs through npm run pr:manage after checks are terminal.',
+    ];
+  }
+
+  artifact.summary = `ThumbGate ${version}: ${gateCount} gates, ${feedbackCount} feedback events, ${warnings.length + auditWarnings} readiness warning(s).`;
+  artifact.sections = [
+    {
+      title: 'Release Inputs',
+      bullets: [
+        `Package version: ${version}`,
+        `Gate config: ${gateConfigLoaded ? 'loaded' : 'missing'}`,
+        `${gateCount} configured gates`,
+        `${feedbackCount} feedback events`,
+      ],
+    },
+    {
+      title: 'Verification',
+      bullets: artifact.decision.nextActions,
+    },
+  ];
+  artifact.evidence = [
+    buildEvidence('package.version', version, { path: 'package.json' }),
+    buildEvidence('dashboard.health.gateConfigLoaded', gateConfigLoaded),
+    buildEvidence('dashboard.readiness.warnings', warnings.length),
+  ];
+  return artifact;
+}
+
+function readPackageInfo(packageRoot) {
+  const root = packageRoot || path.join(__dirname, '..');
+  try {
+    return JSON.parse(fs.readFileSync(path.join(root, 'package.json'), 'utf8'));
+  } catch {
+    return {};
+  }
+}
+
+async function resolveDashboardData(options) {
+  if (options.dashboardData) return options.dashboardData;
+  const { generateDashboard } = require('./dashboard');
+  const { getFeedbackPaths } = require('./feedback-loop');
+  return generateDashboard(options.feedbackDir || getFeedbackPaths().FEEDBACK_DIR, {
+    now: options.now,
+  });
+}
+
+function resolveSessionReport(options) {
+  if (options.sessionReport) return options.sessionReport;
+  const { buildSessionReport } = require('./session-report');
+  return buildSessionReport({ windowHours: options.windowHours });
+}
+
+async function generateOperatorArtifact(options = {}) {
+  const type = normalizeArtifactType(options.type);
+  const windowHours = normalizeWindowHours(options.windowHours);
+  const sharedOptions = { ...options, type, windowHours };
+
+  if (type === 'pr-pulse') {
+    return buildPrPulseArtifact(sharedOptions);
+  }
+
+  const dashboardData = await resolveDashboardData(sharedOptions);
+  if (type === 'reliability-pulse') {
+    const sessionReport = resolveSessionReport(sharedOptions);
+    return buildReliabilityPulseArtifact({ ...sharedOptions, dashboardData, sessionReport });
+  }
+  if (type === 'revenue-pulse') {
+    return buildRevenuePulseArtifact({ ...sharedOptions, dashboardData });
+  }
+  return buildReleaseReadinessArtifact({ ...sharedOptions, dashboardData });
+}
+
+function formatArtifactMarkdown(artifact) {
+  const lines = [
+    `# ${artifact.title || artifact.type}`,
+    '',
+    `Status: ${artifact.status}`,
+    `Window: ${artifact.windowHours}h`,
+    `Generated: ${artifact.generatedAt}`,
+    '',
+    `Summary: ${artifact.summary}`,
+    '',
+    `Decision: ${artifact.decision.label}`,
+    '',
+    artifact.decision.rationale,
+    '',
+    'Next actions:',
+  ];
+  for (const action of artifact.decision.nextActions || []) {
+    lines.push(`- ${action}`);
+  }
+  for (const section of artifact.sections || []) {
+    lines.push('', `## ${section.title}`);
+    for (const bullet of section.bullets || []) {
+      lines.push(`- ${bullet}`);
+    }
+  }
+  if (Array.isArray(artifact.evidence) && artifact.evidence.length > 0) {
+    lines.push('', '## Evidence');
+    for (const item of artifact.evidence) {
+      lines.push(`- ${item.label}: ${item.value}`);
+    }
+  }
+  return `${lines.join('\n')}\n`;
+}
+
+module.exports = {
+  ARTIFACT_TYPES,
+  DEFAULT_WINDOW_HOURS,
+  MAX_WINDOW_HOURS,
+  buildPrPulseArtifact,
+  buildReliabilityPulseArtifact,
+  buildRevenuePulseArtifact,
+  buildReleaseReadinessArtifact,
+  formatArtifactMarkdown,
+  generateOperatorArtifact,
+  normalizeArtifactType,
+  normalizeWindowHours,
+};
+
+function isDirectCli() {
+  return Boolean(process.argv[1] && path.resolve(process.argv[1]) === __filename);
+}
+
+if (isDirectCli()) {
+  const args = process.argv.slice(2);
+  const typeArg = args.find((arg) => arg.startsWith('--type='));
+  const windowArg = args.find((arg) => arg.startsWith('--window-hours='));
+  const format = args.includes('--markdown') ? 'markdown' : 'json';
+  generateOperatorArtifact({
+    type: typeArg ? typeArg.slice('--type='.length) : args.find((arg) => !arg.startsWith('--')),
+    windowHours: windowArg ? windowArg.slice('--window-hours='.length) : undefined,
+  }).then((artifact) => {
+    if (format === 'markdown') {
+      process.stdout.write(formatArtifactMarkdown(artifact));
+      return;
+    }
+    process.stdout.write(`${JSON.stringify(artifact, null, 2)}\n`);
+  }).catch((err) => {
+    console.error(getErrorMessage(err));
+    process.exit(1);
+  });
+}

package/scripts/pr-manager.js

@@ -0,0 +1,421 @@
+#!/usr/bin/env node
+/**
+ * PR Manager — High-Throughput Merge & Blocker Diagnosis
+ * 
+ * Inspired by the 2026 GitHub 'Quick Access' update. Centralizes merge status 
+ * detection and triggers autonomous self-healing for common blockers.
+ */
+
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const { spawnSync } = require('node:child_process');
+const PR_FIELDS = 'number,state,mergeable,mergeStateStatus,statusCheckRollup,reviewDecision,isDraft,title,url,headRefOid,baseRefName,mergeCommit,mergedAt,mergedBy';
+const PR_CHECK_FIELDS = 'bucket,name,state,workflow,link,event';
+const MERGE_QUALITY_CHECKS = JSON.parse(
+  fs.readFileSync(path.join(__dirname, '..', 'config', 'merge-quality-checks.json'), 'utf8')
+);
+const FIXED_GH_BINARIES = [
+  '/usr/bin/gh',
+  '/usr/local/bin/gh',
+  '/opt/homebrew/bin/gh',
+];
+const SUCCESSFUL_CHECK_CONCLUSIONS = new Set(['SUCCESS', 'SKIPPED', 'NEUTRAL']);
+const FAILING_CHECK_CONCLUSIONS = new Set([
+  'ACTION_REQUIRED',
+  'CANCELLED',
+  'FAILURE',
+  'STALE',
+  'STARTUP_FAILURE',
+  'TIMED_OUT',
+]);
+const PASSING_BUCKETS = new Set((MERGE_QUALITY_CHECKS.passingBuckets || []).map((value) => String(value || '').toLowerCase()));
+const PENDING_BUCKETS = new Set((MERGE_QUALITY_CHECKS.pendingBuckets || []).map((value) => String(value || '').toLowerCase()));
+const FAILING_BUCKETS = new Set((MERGE_QUALITY_CHECKS.failingBuckets || []).map((value) => String(value || '').toLowerCase()));
+
+function assertSafeGhArgs(args) {
+  if (!Array.isArray(args) || args.length === 0) {
+    throw new Error('GH CLI args must be a non-empty array.');
+  }
+
+  return args.map((arg) => {
+    const normalized = String(arg ?? '');
+    if (!normalized || /\0/.test(normalized)) {
+      throw new Error(`Unsafe GH CLI arg: ${arg}`);
+    }
+    return normalized;
+  });
+}
+
+function normalizePrNumber(prNumber, { allowEmpty = true } = {}) {
+  const normalized = String(prNumber ?? '').trim();
+  if (!normalized) {
+    if (allowEmpty) {
+      return '';
+    }
+    throw new Error('PR number is required.');
+  }
+
+  if (!/^[1-9]\d*$/.test(normalized)) {
+    throw new Error(`Unsafe PR number: ${prNumber}`);
+  }
+
+  return normalized;
+}
+
+function resolveGhBinary(options = {}) {
+  const accessSync = options.accessSync || fs.accessSync;
+  const candidates = [];
+  const configuredBinary = String(process.env.THUMBGATE_GH_BIN || '').trim();
+
+  if (configuredBinary) {
+    if (!path.isAbsolute(configuredBinary)) {
+      throw new Error(`Unsafe GH binary path: ${configuredBinary}`);
+    }
+    candidates.push(configuredBinary);
+  }
+
+  candidates.push(...FIXED_GH_BINARIES);
+
+  for (const candidate of candidates) {
+    try {
+      accessSync(candidate, fs.constants.X_OK);
+      return candidate;
+    } catch {
+      continue;
+    }
+  }
+
+  throw new Error(`Unable to locate GH CLI in fixed paths: ${candidates.join(', ')}`);
+}
+
+function runGh(args, options = {}) {
+  return spawnSync(resolveGhBinary(options), assertSafeGhArgs(args), {
+    encoding: 'utf-8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+}
+
+function formatGhError(result) {
+  return (result.stderr || result.stdout || 'Unknown GH CLI failure').trim();
+}
+
+function isMissingCurrentBranchPr(result, prNumber) {
+  if (prNumber) {
+    return false;
+  }
+
+  return /no pull requests found for branch/i.test(formatGhError(result));
+}
+
+/**
+ * Fetch granular PR status using GH CLI
+ */
+function getPrStatus(prNumber = '', runner = runGh) {
+  const normalizedPrNumber = normalizePrNumber(prNumber);
+  const args = ['pr', 'view'];
+  if (normalizedPrNumber) args.push(normalizedPrNumber);
+  args.push('--json', PR_FIELDS);
+
+  const result = runner(args);
+  if (result.status !== 0) {
+    if (isMissingCurrentBranchPr(result, normalizedPrNumber)) {
+      return null;
+    }
+
+    throw new Error(`Failed to fetch PR status: ${formatGhError(result)}`);
+  }
+  return JSON.parse(result.stdout);
+}
+
+function getPrChecks(prNumber = '', runner = runGh) {
+  const normalizedPrNumber = normalizePrNumber(prNumber, { allowEmpty: false });
+  const result = runner(['pr', 'checks', normalizedPrNumber, '--json', PR_CHECK_FIELDS]);
+  if (result.status !== 0) {
+    throw new Error(`Failed to fetch PR checks: ${formatGhError(result)}`);
+  }
+
+  return JSON.parse(result.stdout || '[]');
+}
+
+function listOpenPrs(runner = runGh) {
+  const result = runner(['pr', 'list', '--state', 'open', '--json', PR_FIELDS]);
+  if (result.status !== 0) {
+    throw new Error(`Failed to list open PRs: ${formatGhError(result)}`);
+  }
+
+  return JSON.parse(result.stdout || '[]');
+}
+
+function isOpenPr(pr) {
+  return Boolean(pr) && String(pr.state || 'OPEN').toUpperCase() === 'OPEN';
+}
+
+function loadManagedPrs(prNumber = '', runner = runGh) {
+  if (prNumber) {
+    return [getPrStatus(prNumber, runner)];
+  }
+
+  const currentBranchPr = getPrStatus('', runner);
+  if (isOpenPr(currentBranchPr)) {
+    return [currentBranchPr];
+  }
+
+  return listOpenPrs(runner);
+}
+
+function summarizeChecks(checks = []) {
+  const failing = [];
+  const pending = [];
+
+  for (const check of checks) {
+    const name = check.name || 'unknown-check';
+    const bucket = String(check.bucket || '').toLowerCase();
+    if (bucket) {
+      if (FAILING_BUCKETS.has(bucket)) {
+        failing.push(name);
+        continue;
+      }
+
+      if (PENDING_BUCKETS.has(bucket)) {
+        pending.push(name);
+        continue;
+      }
+
+      if (PASSING_BUCKETS.has(bucket)) {
+        continue;
+      }
+    }
+
+    const conclusion = check.conclusion || null;
+    const status = check.status || (conclusion ? 'COMPLETED' : 'UNKNOWN');
+
+    if (status !== 'COMPLETED') {
+      pending.push(name);
+      continue;
+    }
+
+    if (conclusion && FAILING_CHECK_CONCLUSIONS.has(conclusion)) {
+      failing.push(name);
+      continue;
+    }
+
+    if (conclusion && !SUCCESSFUL_CHECK_CONCLUSIONS.has(conclusion)) {
+      pending.push(name);
+    }
+  }
+
+  return { failing, pending };
+}
+
+function sleep(ms) {
+  if (!ms || ms <= 0) return;
+  Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
+}
+
+/**
+ * Diagnose and resolve blockers autonomously
+ */
+async function resolveBlockers(pr, runner = runGh) {
+  const title = pr.title || 'Untitled PR';
+  const mergeState = pr.mergeStateStatus || 'UNKNOWN';
+  const mergeable = pr.mergeable || 'UNKNOWN';
+
+  console.log(`[PR Manager] Diagnosing PR #${pr.number}: "${title}"`);
+  console.log(`[PR Manager] Merge State: ${mergeState} | Mergeable: ${mergeable}`);
+
+  if (pr.isDraft) {
+    console.log('[PR Manager] PR is a draft. Skipping.');
+    return { status: 'skipped', reason: 'draft' };
+  }
+
+  // 1. Handle Outdated Branch (BEHIND)
+  if (pr.mergeStateStatus === 'BEHIND') {
+    console.log('[PR Manager] PR is behind main. Triggering auto-update...');
+    const update = runner(['pr', 'update-branch', pr.number.toString()]);
+    if (update.status === 0) {
+      return { status: 'healing', action: 'update-branch' };
+    }
+  }
+
+  // 2. Handle Merge Conflicts (DIRTY)
+  if (pr.mergeStateStatus === 'DIRTY' || pr.mergeable === 'CONFLICTING') {
+    console.log('[PR Manager] CRITICAL: Merge conflicts detected. Manual intervention or advanced rebase required.');
+    return { status: 'blocked', reason: 'conflicts' };
+  }
+
+  // 3. Handle CI Failures
+  let checks = pr.statusCheckRollup || [];
+  let checkSource = 'statusCheckRollup';
+
+  if (pr.number) {
+    try {
+      checks = getPrChecks(pr.number, runner);
+      checkSource = 'gh pr checks';
+    } catch (error) {
+      console.warn(`[PR Manager] Falling back to statusCheckRollup for PR #${pr.number}: ${error.message}`);
+    }
+  }
+
+  const checkSummary = summarizeChecks(checks);
+  const failingChecks = checkSummary.failing;
+
+  if (failingChecks.length > 0) {
+    console.log(`[PR Manager] BLOCKED: ${failingChecks.length} failing quality checks via ${checkSource}.`);
+    return { status: 'blocked', reason: 'ci_failure', checks: failingChecks, checkSource };
+  }
+
+  if (checkSummary.pending.length > 0) {
+    console.log(`[PR Manager] BLOCKED: ${checkSummary.pending.length} quality checks still pending via ${checkSource}.`);
+    return { status: 'blocked', reason: 'ci_pending', checks: checkSummary.pending, checkSource };
+  }
+
+  // 4. Handle Review Blockers
+  if (pr.reviewDecision === 'CHANGES_REQUESTED') {
+    console.log('[PR Manager] BLOCKED: Changes requested by reviewer.');
+    return { status: 'blocked', reason: 'changes_requested' };
+  }
+
+  if (pr.reviewDecision === 'REVIEW_REQUIRED') {
+    console.log('[PR Manager] BLOCKED: Required review is still outstanding.');
+    return { status: 'blocked', reason: 'review_required' };
+  }
+
+  // 5. Ready to Merge
+  if (pr.mergeStateStatus === 'CLEAN' && pr.mergeable === 'MERGEABLE') {
+    console.log('[PR Manager] SUCCESS: PR is ready for protected autonomous merge.');
+    return { status: 'ready' };
+  }
+
+  return { status: 'pending', reason: 'unknown_state' };
+}
+
+function waitForMergeCommit(prNumber, runner = runGh, options = {}) {
+  const timeoutMs = Number.isFinite(options.timeoutMs) ? options.timeoutMs : 300000;
+  const intervalMs = Number.isFinite(options.intervalMs) ? options.intervalMs : 10000;
+  const startedAt = Date.now();
+
+  do {
+    const pr = getPrStatus(prNumber, runner);
+    if (pr && String(pr.state || '').toUpperCase() === 'MERGED' && pr.mergeCommit && pr.mergeCommit.oid) {
+      return {
+        finalized: true,
+        merged: true,
+        mergeCommit: pr.mergeCommit.oid,
+        mergedAt: pr.mergedAt || null,
+        mergedBy: pr.mergedBy && pr.mergedBy.login ? pr.mergedBy.login : null,
+        pr,
+      };
+    }
+
+    if (pr && String(pr.state || '').toUpperCase() === 'CLOSED') {
+      return {
+        finalized: true,
+        merged: false,
+        reason: 'closed_without_merge',
+        pr,
+      };
+    }
+
+    if (intervalMs <= 0) {
+      break;
+    }
+
+    if ((Date.now() - startedAt + intervalMs) > timeoutMs) {
+      break;
+    }
+
+    sleep(intervalMs);
+  } while ((Date.now() - startedAt) <= timeoutMs);
+
+  return {
+    finalized: false,
+    merged: false,
+    reason: 'merge_commit_pending',
+  };
+}
+
+/**
+ * Perform autonomous merge
+ */
+function performMerge(prNumber, runner = runGh, options = {}) {
+  const normalizedPrNumber = normalizePrNumber(prNumber, { allowEmpty: false });
+  const args = ['pr', 'merge', normalizedPrNumber, '--squash', '--delete-branch'];
+  console.log(`[PR Manager] Initiating protected squash merge for PR #${normalizedPrNumber}...`);
+  const result = runner(args);
+  if (result.status === 0) {
+    const output = `${result.stdout || ''}\n${result.stderr || ''}`;
+    const mode = /merge queue|queued/i.test(output) ? 'queued' : 'merged';
+    console.log(`[PR Manager] Merge accepted for PR #${normalizedPrNumber} (${mode}).`);
+    const mergeStatus = options.waitForMerge === false
+      ? { finalized: false, merged: false, reason: 'merge_commit_pending' }
+      : waitForMergeCommit(normalizedPrNumber, runner, options);
+    return { ok: true, mode, args, ...mergeStatus };
+  } else {
+    console.error(`[PR Manager] Merge failed: ${formatGhError(result)}`);
+    return { ok: false, mode: 'failed', args, error: formatGhError(result) };
+  }
+}
+
+async function managePrs(prNumber = '', runner = runGh, options = {}) {
+  const prs = loadManagedPrs(prNumber, runner).filter(Boolean);
+
+  if (prs.length === 0) {
+    console.log('[PR Manager] No open pull requests found.');
+    return { status: 'noop', prs: [] };
+  }
+
+  const results = [];
+  for (const pr of prs) {
+    const outcome = await resolveBlockers(pr, runner);
+    if (outcome.status === 'ready') {
+      const mergeResult = performMerge(pr.number, runner, options);
+      outcome.mergeRequested = mergeResult.ok;
+      outcome.mergeMode = mergeResult.mode;
+      if (mergeResult.mergeCommit) {
+        outcome.mergeCommit = mergeResult.mergeCommit;
+      }
+      if (mergeResult.finalized !== undefined) {
+        outcome.mergeFinalized = mergeResult.finalized;
+      }
+      if (mergeResult.reason) {
+        outcome.mergeResolution = mergeResult.reason;
+      }
+    }
+
+    results.push({
+      number: pr.number,
+      title: pr.title,
+      outcome,
+    });
+  }
+
+  return { status: 'ok', prs: results };
+}
+
+if (require.main === module) {
+  const prNum = process.argv[2];
+  managePrs(prNum).then(() => {
+    process.exit(0);
+  }).catch((err) => {
+    console.error(err.message);
+    process.exit(1);
+  });
+}
+
+module.exports = {
+  assertSafeGhArgs,
+  getPrStatus,
+  getPrChecks,
+  listOpenPrs,
+  isOpenPr,
+  loadManagedPrs,
+  normalizePrNumber,
+  resolveBlockers,
+  resolveGhBinary,
+  waitForMergeCommit,
+  performMerge,
+  managePrs,
+  summarizeChecks,
+};

package/scripts/tool-registry.js

@@ -1156,6 +1156,22 @@ const TOOLS = [
       },
     },
   }),
+  readOnlyTool({
+    name: 'generate_operator_artifact',
+    description: 'Dynamic operator artifact generator. Turns ThumbGate PR, reliability, revenue, and release data into a decision-ready pulse with metrics, evidence, and next actions.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        type: {
+          type: 'string',
+          enum: ['pr-pulse', 'reliability-pulse', 'revenue-pulse', 'release-readiness'],
+          description: 'Artifact to generate. Defaults to reliability-pulse.',
+        },
+        windowHours: { type: 'number', description: 'Lookback window in hours (default 24, max 720)' },
+        format: { type: 'string', enum: ['json', 'markdown'], description: 'Response format. Defaults to json.' },
+      },
+    },
+  }),
   readOnlyTool({
     name: 'context_stuff_lessons',
     description: 'Dump ALL prevention lessons into a single text block for context-window injection. Bypasses RAG/search — returns every lesson sorted by confidence. For most projects (20-200 lessons), fits in 1K-10K tokens.',