thumbgate 1.14.1 → 1.15.0

package/scripts/rule-validator.js

@@ -0,0 +1,285 @@
+'use strict';
+
+/**
+ * scripts/rule-validator.js
+ *
+ * Pre-promotion validation harness for synthesized prevention rules.
+ *
+ * Why this exists:
+ *   Before this module, `synthesizePreventionRule` (lesson-synthesis.js) auto-
+ *   promoted any lesson that hit the occurrence threshold straight into
+ *   `synthesized-rules.jsonl` — no check that the proposed rule actually
+ *   matches the mistake pattern it was synthesized from, and no check that
+ *   it doesn't also fire on recent positive-signal events from overlapping
+ *   tags. That's the exact failure mode Autogenesis
+ *   (https://arxiv.org/abs/2604.15034) calls out: candidate improvements
+ *   must be validated through testing before integration, otherwise static
+ *   agents accumulate self-contradicting rules that degrade precision.
+ *
+ *   We already had 3 of the 4 Autogenesis phases:
+ *     - capability-gap identification (negative feedback events),
+ *     - candidate generation (synthesizePreventionRule),
+ *     - integration (append to synthesized-rules.jsonl).
+ *   The missing phase was validation. This module fills it.
+ *
+ * Validation contract:
+ *   A proposed rule is promotable iff:
+ *     1. It matches the seed lesson that triggered promotion (otherwise the
+ *        rule is tautologically broken — it wouldn't catch the mistake it
+ *        was built for).
+ *     2. Its precision on a recent-events sample clears a threshold
+ *        (default 0.8) — of the events the rule fires on, most must carry
+ *        the negative signal. A rule that blocks positive outcomes too is
+ *        a regression, not a prevention.
+ *
+ *   Recall is reported for operator visibility but does not gate
+ *   promotion — an overly specific rule is less harmful than an overly
+ *   broad one.
+ *
+ * Design notes:
+ *   - Pure functions, no IO. Caller supplies the event samples so tests
+ *     stay hermetic and the validator can run inside captureFeedback
+ *     without reaching for the filesystem.
+ *   - Token matching is deliberately simple (lowercase, punctuation strip,
+ *     length-2+ tokens, all-tokens-present) so the behavior is debuggable
+ *     from the console. We are not competing with NLP — we are gating a
+ *     one-line trigger string against a handful of sibling events.
+ */
+
+// Intentionally tiny stop list — we only drop noise that would erase the
+// trigger's discriminative tokens. If a stop-word-only rule ever matches a
+// positive event, that's a real false positive and we want to see it.
+const STOP = new Set([
+  'a', 'an', 'the', 'to', 'of', 'in', 'on', 'at', 'for', 'and', 'or',
+  'is', 'are', 'was', 'were', 'be', 'do', 'does', 'did',
+  'this', 'that', 'these', 'those',
+  'it', 'its', 'i', 'you', 'we', 'they',
+]);
+
+// Modality / negation words that `synthesizePreventionRule` commonly
+// inherits from lesson titles like "MISTAKE: never force-push". We want
+// these tokens to survive ordinary tokenize() output (they're legitimate
+// English), but we strip them from a rule's trigger before matching so
+// the rule still fires on events that describe the mistake without
+// echoing the modality. They remain meaningful in haystack positions.
+const TRIGGER_MODALITY = new Set(['never', 'always', 'ever', 'must', 'not', 'no']);
+
+/**
+ * Strip a few common English suffixes so "force-pushed" in a bug report
+ * matches a trigger token "push". We are NOT doing Porter-grade stemming;
+ * the goal is just to keep morphological variants from silently breaking
+ * the matcher. Minimum 3-char stem preserved so "goes" → "goe" (harmless)
+ * but "is" / "as" stay intact.
+ */
+function stem(token) {
+  if (token.length <= 3) return token;
+  if (token.endsWith('ing') && token.length > 5) return token.slice(0, -3);
+  if (token.endsWith('ed') && token.length > 4) return token.slice(0, -2);
+  if (token.endsWith('es') && token.length > 4) return token.slice(0, -2);
+  if (token.endsWith('s') && !token.endsWith('ss') && token.length > 3) {
+    return token.slice(0, -1);
+  }
+  return token;
+}
+
+function tokenize(text) {
+  if (text === null || text === undefined) return [];
+  return String(text)
+    .toLowerCase()
+    .replace(/[^a-z0-9\s]/g, ' ')
+    .split(/\s+/)
+    .filter((t) => t.length > 1 && !STOP.has(t))
+    .map(stem);
+}
+
+function eventText(event) {
+  if (!event || typeof event !== 'object') return '';
+  return [
+    event.title,
+    event.content,
+    event.whatToChange,
+    event.whatWentWrong,
+    event.whatWorked,
+    event.context,
+  ].filter(Boolean).join(' ');
+}
+
+function eventSignal(event) {
+  if (!event || typeof event !== 'object') return null;
+  const raw = event.signal;
+  if (!raw) return null;
+  const lower = String(raw).toLowerCase();
+  if (lower === 'up' || lower === 'positive') return 'positive';
+  if (lower === 'down' || lower === 'negative') return 'negative';
+  return lower;
+}
+
+/**
+ * Does `rule` fire on `event`? A rule fires when every content token of
+ * its trigger.condition appears in the event's combined text **in the
+ * same relative order** (subsequence match). An empty trigger never fires
+ * — that's a degenerate rule and we want the validator to reject it
+ * rather than silently match everything.
+ *
+ * Order matters because it's the cheapest way to distinguish
+ * "force-push to main caused incident" (trigger condition narrates the
+ * action) from "main branch healthy, no force push" (same tokens, wrong
+ * narrative). Without order we'd flag the second event as a false
+ * positive against every rule built on the same vocabulary.
+ */
+function ruleMatches(rule, event) {
+  const trigger = rule && rule.rule && rule.rule.trigger && rule.rule.trigger.condition;
+  const rawTokens = tokenize(trigger);
+  const tokens = rawTokens.filter((t) => !TRIGGER_MODALITY.has(t));
+  if (tokens.length === 0) return false;
+
+  const haystack = tokenize(eventText(event));
+  let hi = 0;
+  for (const t of tokens) {
+    while (hi < haystack.length && haystack[hi] !== t) hi += 1;
+    if (hi >= haystack.length) return false;
+    hi += 1;
+  }
+  return true;
+}
+
+/**
+ * Count true-positive / false-positive / false-negative / true-negative
+ * firings on a sample. Tags are used to scope the sample — only events
+ * that share at least one tag with the rule are considered, on the premise
+ * that a rule about git force-push shouldn't be precision-scored against
+ * deploy-pipeline events it was never meant to see.
+ */
+function scoreOnSample(rule, events, { scopeTags = null } = {}) {
+  const ruleTags = new Set((rule.tags || []).filter(Boolean).map((t) => String(t).toLowerCase()));
+  const scope = scopeTags ? new Set(scopeTags.map((t) => String(t).toLowerCase())) : null;
+
+  let tp = 0;
+  let fp = 0;
+  let fn = 0;
+  let tn = 0;
+
+  for (const event of Array.isArray(events) ? events : []) {
+    const tags = Array.isArray(event.tags)
+      ? event.tags.map((t) => String(t).toLowerCase())
+      : [];
+
+    // Out-of-scope events are ignored — they have nothing to say about
+    // this rule's precision.
+    if (scope && tags.length > 0 && !tags.some((t) => scope.has(t))) continue;
+    if (ruleTags.size > 0 && tags.length > 0 && !tags.some((t) => ruleTags.has(t))) continue;
+
+    const fires = ruleMatches(rule, event);
+    const signal = eventSignal(event);
+
+    if (signal === 'negative' && fires) tp += 1;
+    else if (signal === 'positive' && fires) fp += 1;
+    else if (signal === 'negative' && !fires) fn += 1;
+    else if (signal === 'positive' && !fires) tn += 1;
+  }
+
+  const firings = tp + fp;
+  const negatives = tp + fn;
+  return {
+    tp,
+    fp,
+    fn,
+    tn,
+    precision: firings > 0 ? tp / firings : null,
+    recall: negatives > 0 ? tp / negatives : null,
+  };
+}
+
+const DEFAULT_PRECISION_FLOOR = 0.8;
+const DEFAULT_MIN_SAMPLE = 3;
+
+/**
+ * Top-level validator. Returns a detailed report plus a boolean
+ * `shouldPromote`. The caller (feedback-loop) stamps the report onto the
+ * rule record so downstream operators can see why a rule was or wasn't
+ * promoted — silent rejection is worse than a rejected rule we can audit.
+ *
+ * Thresholds are overridable but the defaults are deliberately loose for
+ * Stage-1 rollout: precision ≥ 0.8, with a minimum of 3 sampled events in
+ * scope. Below the minimum sample, the validator promotes the rule but
+ * flags `reason: 'insufficient_sample'` so we don't starve the gate of new
+ * rules while feedback volume is still small.
+ */
+function validateProposedRule(rule, {
+  seedLesson,
+  recentEvents = [],
+  precisionFloor = DEFAULT_PRECISION_FLOOR,
+  minSample = DEFAULT_MIN_SAMPLE,
+} = {}) {
+  const report = {
+    shouldPromote: false,
+    reason: null,
+    matchesSeed: false,
+    precision: null,
+    recall: null,
+    sampleSize: 0,
+    tp: 0,
+    fp: 0,
+    fn: 0,
+    tn: 0,
+  };
+
+  if (!rule || !rule.rule) {
+    report.reason = 'invalid_rule_shape';
+    return report;
+  }
+
+  // Invariant 1: the rule must fire on the seed lesson. If it doesn't, the
+  // trigger extraction dropped the discriminative tokens and the rule is
+  // broken regardless of what the sample says.
+  report.matchesSeed = seedLesson ? ruleMatches(rule, seedLesson) : false;
+  if (!report.matchesSeed) {
+    report.reason = 'rule_does_not_match_seed_lesson';
+    return report;
+  }
+
+  // Invariant 2: precision on recent overlapping-tag events. We pass
+  // scopeTags = rule.tags so the scorer restricts to the same topical
+  // cluster as the rule.
+  const scoreReport = scoreOnSample(rule, recentEvents, { scopeTags: rule.tags });
+  Object.assign(report, scoreReport);
+  report.sampleSize = scoreReport.tp + scoreReport.fp + scoreReport.fn + scoreReport.tn;
+
+  if (report.sampleSize < minSample) {
+    // Permissive path: we can't prove harm, so allow promotion but flag
+    // the rule for later audit when more data accumulates.
+    report.shouldPromote = true;
+    report.reason = 'insufficient_sample';
+    return report;
+  }
+
+  if (report.precision === null) {
+    // Rule never fired on the in-scope sample. Still worth promoting
+    // because the seed invariant held — absence of firings just means
+    // this topic is quiet in recent history.
+    report.shouldPromote = true;
+    report.reason = 'no_firings_in_sample';
+    return report;
+  }
+
+  if (report.precision < precisionFloor) {
+    report.shouldPromote = false;
+    report.reason = 'precision_below_floor';
+    return report;
+  }
+
+  report.shouldPromote = true;
+  report.reason = 'validated';
+  return report;
+}
+
+module.exports = {
+  tokenize,
+  eventText,
+  eventSignal,
+  ruleMatches,
+  scoreOnSample,
+  validateProposedRule,
+  DEFAULT_PRECISION_FLOOR,
+  DEFAULT_MIN_SAMPLE,
+};

package/scripts/seo-gsd.js

@@ -43,6 +43,21 @@ const HIGH_ROI_QUERY_SEEDS = [
     source: 'seed',
     notes: 'Category-defining query that explains the core wedge.',
   },
+  querySeed(
+    'ai agent harness optimization',
+    94,
+    'Fresh harness-engineering demand that maps directly to ThumbGate progressive disclosure, pre-action gates, and workflow audits.',
+  ),
+  querySeed(
+    'browser automation safety',
+    93,
+    'High-intent browser-agent safety query tied to prompt injection, permissions, and cross-app automation risk.',
+  ),
+  querySeed(
+    'native messaging host security',
+    91,
+    'Security-led query that maps directly to browser bridge auditing and explicit connector governance.',
+  ),
   {
     query: 'thumbs up thumbs down feedback for ai coding agents',
     businessValue: 95,
@@ -99,6 +114,10 @@ const HIGH_ROI_QUERY_SEEDS = [
   },
 ];
 
+function querySeed(query, businessValue, notes) {
+  return { query, businessValue, source: 'seed', notes };
+}
+
 function guideBlueprint({
   query,
   path,
@@ -138,6 +157,163 @@ function answer(question, text) {
   return { question, answer: text };
 }
 
+function preActionGuide(slug, content) {
+  return guideBlueprint({
+    ...content,
+    path: `/guides/${slug}`,
+    pillar: 'pre-action-gates',
+  });
+}
+
+const HARNESS_OPTIMIZATION_QUERY = 'ai agent harness optimization';
+const HARNESS_OPTIMIZATION_GUIDE_SPEC = Object.freeze({
+  slug: 'agent-harness-optimization',
+  meta: {
+    query: HARNESS_OPTIMIZATION_QUERY,
+    title: 'AI Agent Harness Optimization | Progressive Disclosure + Pre-Action Gates',
+    heroTitle: 'AI Agent Harness Optimization That Blocks Repeat Failures',
+    heroSummary: 'A better harness keeps global instructions lean, loads MCP schemas only when needed, and turns feedback into pre-action gates. ThumbGate makes that workflow measurable and enforceable.',
+  },
+  takeaways: [
+    'Harness optimization is the control layer around the model: context, tools, guardrails, and feedback.',
+    'Progressive disclosure keeps agents out of prompt bloat while preserving proof and tool access.',
+    'ThumbGate adds a concrete audit path and Pre-Action Gates so harness lessons become runtime enforcement.',
+  ],
+  sections: [
+    ['paragraphs', 'What changed', [
+      'The model is no longer the whole system. The harness decides which instructions, tools, context packs, and approval rules the model sees before it acts.',
+      'When a team stuffs every rule into a global prompt, the agent loses reasoning room. When it routes work through lean discovery surfaces, the agent can fetch the exact tool schema, lesson, or harness only when the task requires it.',
+    ]],
+    ['bullets', 'How ThumbGate improves the harness', [
+      'Scores global agent docs so AGENTS.md, CLAUDE.md, and GEMINI.md stay lean instead of becoming unreviewable prompt bundles.',
+      'Publishes progressive MCP discovery through lightweight indexes and per-tool schema URLs.',
+      'Selects specialized gate harnesses for deploy, code-edit, and database-write actions instead of loading every gate for every workflow.',
+      'Turns thumbs-down feedback into prevention rules, then into hard Pre-Action Gates that block repeated mistakes.',
+    ]],
+    ['paragraphs', 'Where this creates ROI', [
+      'For acquisition, this page names the buyer category: AI agent harness optimization. For conversion, the CLI audit gives a concrete first action. For retention, the same audit keeps local instructions and MCP surfaces from drifting back into bloat.',
+    ]],
+  ],
+  faq: [
+    [
+      'What is an AI agent harness?',
+      'An AI agent harness is the runtime layer around the model: context loading, tool calls, guardrails, approval boundaries, memory, and verification. ThumbGate focuses on the enforcement part of that harness.',
+    ],
+    [
+      'How does ThumbGate optimize a harness?',
+      'ThumbGate keeps global instructions lean, supports progressive MCP discovery, selects workflow-specific gate harnesses, and converts feedback into Pre-Action Gates that block known-bad actions before execution.',
+    ],
+  ],
+  relatedPaths: ['/guides/pre-action-gates', '/guides/codex-cli-guardrails'],
+});
+
+function buildSectionFromSpec(kind, heading, entries) {
+  return kind === 'bullets' ? bullets(heading, entries) : paragraphs(heading, entries);
+}
+
+function buildHarnessOptimizationGuide() {
+  return preActionGuide(HARNESS_OPTIMIZATION_GUIDE_SPEC.slug, {
+    ...HARNESS_OPTIMIZATION_GUIDE_SPEC.meta,
+    takeaways: HARNESS_OPTIMIZATION_GUIDE_SPEC.takeaways,
+    sections: HARNESS_OPTIMIZATION_GUIDE_SPEC.sections.map(([kind, heading, entries]) => buildSectionFromSpec(kind, heading, entries)),
+    faq: HARNESS_OPTIMIZATION_GUIDE_SPEC.faq.map(([question, text]) => answer(question, text)),
+    relatedPaths: HARNESS_OPTIMIZATION_GUIDE_SPEC.relatedPaths,
+  });
+}
+
+const BROWSER_BRIDGE_GUIDE_SPECS = Object.freeze([
+  {
+    slug: 'browser-automation-safety',
+    meta: {
+      query: 'browser automation safety',
+      title: 'Browser Automation Safety | Prompt Injection, Permissions, and Pre-Action Gates',
+      heroTitle: 'Browser automation safety needs explicit approval boundaries',
+      heroSummary: 'Browser agents can click, type, and navigate for you, but they also widen prompt-injection and cross-app integration risk. ThumbGate adds approval boundaries, auditability, and a native messaging audit before those bridges turn into silent blast-radius expansion.',
+    },
+    takeaways: [
+      'Browser automation is useful because it has real permissions, which is exactly why it needs governance.',
+      'Prompt injection becomes more dangerous when an extension can reach a local executable through a browser bridge.',
+      'ThumbGate gives teams a first action now: audit native messaging hosts, then require explicit approval before browser-use connectors expand.',
+    ],
+    sections: [
+      ['paragraphs', 'Why browser-use changes the threat model', [
+        'Browser agents do not just read text. They can click buttons, fill forms, switch tabs, and sometimes bridge into local binaries. That means the blast radius is no longer only "bad output" but "real actions on live websites and local systems."',
+        'Once browser automation enters the stack, prompt injection stops being an abstract model weakness and becomes a workflow-governance problem. The right control is not more prompt advice. It is a hard boundary around what the agent is allowed to connect, install, and execute.',
+      ]],
+      ['bullets', 'What to audit first', [
+        'Which browser extensions hold automation permissions such as debugger, tabs, downloads, and nativeMessaging.',
+        'Whether the desktop app or CLI has registered native messaging hosts for browsers you did not explicitly connect.',
+        'Whether host manifests point to live local binaries and whether those binaries sit outside the browser sandbox.',
+        'Whether browser-use runs default to ask-before-acting or silently expand capability before a human approves them.',
+      ]],
+      ['paragraphs', 'How ThumbGate fits', [
+        'ThumbGate is the approval and enforcement layer around browser-use. Start by running npx thumbgate native-messaging-audit. Then gate future connector installs, record who approved them, and turn browser-bridge mistakes into Pre-Action Gates before the same pattern repeats.',
+      ]],
+    ],
+    faq: [
+      [
+        'Why is browser automation riskier than ordinary chat?',
+        'Because the agent can take real actions in a browser and may also reach local executables through native messaging bridges. That turns prompt injection and permission drift into operational risk, not just output-quality risk.',
+      ],
+      [
+        'What should a team do before enabling browser-use broadly?',
+        'Audit native messaging hosts, review extension permissions, keep ask-before-acting enabled by default, and require explicit approval for any cross-app connector that expands the agent runtime beyond the browser sandbox.',
+      ],
+    ],
+    relatedPaths: ['/guides/native-messaging-host-security', '/guides/pre-action-gates'],
+  },
+  {
+    slug: 'native-messaging-host-security',
+    meta: {
+      query: 'native messaging host security',
+      title: 'Native Messaging Host Security | Audit Browser Bridges Before They Expand',
+      heroTitle: 'Native messaging host security for AI browser bridges',
+      heroSummary: 'Native messaging hosts let browser extensions talk to local executables. That can be useful, but it also creates a persistent bridge outside the browser sandbox. ThumbGate audits those registrations and helps teams require explicit approval before they become part of the workflow.',
+    },
+    takeaways: [
+      'Native messaging is a real local capability boundary, not a harmless implementation detail.',
+      'A manifest can pre-authorize extension origins long before a human operator understands the blast radius.',
+      'ThumbGate turns native messaging review into an auditable operator workflow instead of an invisible local side effect.',
+    ],
+    sections: [
+      ['paragraphs', 'What native messaging hosts actually do', [
+        'A native messaging host is a local manifest that tells a browser extension which executable it may launch on the operator machine. That bridge sits outside the browser sandbox, so it deserves the same review discipline teams use for deploy credentials or production write access.',
+        'The risk is not only the host binary itself. It is the combination of extension permissions, allowed origins, and whether the host remains registered for browsers the operator did not intentionally connect.',
+      ]],
+      ['bullets', 'Signals ThumbGate audits', [
+        'Manifest files under browser-specific NativeMessagingHosts directories on macOS and Linux.',
+        'Allowed extension origins and extension-id fan-out per host registration.',
+        'Host binaries that are missing on disk, which leaves stale or broken registrations behind.',
+        'AI/browser bridge manifests registered for browsers not detected in the usual local install paths.',
+      ]],
+      ['paragraphs', 'The fastest operator action', [
+        'Run npx thumbgate native-messaging-audit --json in the repo or workstation you govern. Review every AI browser bridge, remove anything you did not intentionally integrate, and keep browser-use in ask-before-acting mode until connector scope is explicit and revocable.',
+      ]],
+    ],
+    faq: [
+      [
+        'Why does native messaging deserve a separate security review?',
+        'Because it lets a browser extension hand work to a local executable outside the browser sandbox. That is a different trust boundary than ordinary page automation or side-panel UI access.',
+      ],
+      [
+        'How does ThumbGate help with native messaging host security?',
+        'ThumbGate audits known host locations, highlights AI/browser bridges, flags stale or missing host binaries, and gives teams an enforcement layer so future connector expansion requires explicit approval.',
+      ],
+    ],
+    relatedPaths: ['/guides/browser-automation-safety', '/guides/pre-action-gates'],
+  },
+]);
+
+function buildBrowserBridgeGuide(spec) {
+  return preActionGuide(spec.slug, {
+    ...spec.meta,
+    takeaways: spec.takeaways,
+    sections: spec.sections.map(([kind, heading, entries]) => buildSectionFromSpec(kind, heading, entries)),
+    faq: spec.faq.map(([question, text]) => answer(question, text)),
+    relatedPaths: spec.relatedPaths,
+  });
+}
+
 const PAGE_BLUEPRINTS = [
   {
     query: 'thumbgate vs speclock',
@@ -288,6 +464,7 @@ const PAGE_BLUEPRINTS = [
     ],
     relatedPaths: ['/compare/speclock', '/guides/claude-code-feedback'],
   },
+  buildHarnessOptimizationGuide(),
   {
     query: 'stop ai coding agents from repeating mistakes',
     path: '/guides/stop-repeated-ai-agent-mistakes',
@@ -529,6 +706,7 @@ const PAGE_BLUEPRINTS = [
     ],
     relatedPaths: ['/compare/mem0', '/guides/stop-repeated-ai-agent-mistakes'],
   },
+  ...BROWSER_BRIDGE_GUIDE_SPECS.map(buildBrowserBridgeGuide),
   guideBlueprint({
     query: 'autoresearch agent safety',
     path: '/guides/autoresearch-agent-safety',
@@ -749,7 +927,7 @@ function classifyIntent(query) {
     return 'commercial';
   }
   if (/\b(what is|how to|guide|best practices|why)\b/.test(normalized)) return 'informational';
-  if (/\b(guardrails|pre-action gates|feedback|prevent repeated mistakes|repeating mistakes|memory)\b/.test(normalized)) {
+  if (/\b(guardrails|pre-action gates|feedback|prevent repeated mistakes|repeating mistakes|memory|harness optimization)\b/.test(normalized)) {
     return 'commercial';
   }
   return 'informational';
@@ -759,7 +937,7 @@ function inferPillar(query) {
   const normalized = normalizeText(query).toLowerCase();
   if (/\b(speclock|mem0|alternative|vs|compare|comparison)\b/.test(normalized)) return 'comparison';
   if (/\b(thumbs up|thumbs down|feedback|reinforce|mistake)\b/.test(normalized)) return 'feedback-loop';
-  if (/\b(autoresearch|self-improving|benchmark|reward hacking)\b/.test(normalized)) return 'pre-action-gates';
+  if (/\b(autoresearch|self-improving|benchmark|reward hacking|harness optimization|browser automation|native messaging|browser bridge|prompt injection)\b/.test(normalized)) return 'pre-action-gates';
   if (/\b(pre-action gates|guardrails|block|prevent repeated mistakes|repeating mistakes)\b/.test(normalized)) return 'pre-action-gates';
   if (/\b(claude code|cursor|codex|gemini|amp|opencode|integration|plugin)\b/.test(normalized)) return 'agent-workflows';
   return 'ai-agent-reliability';
@@ -1139,6 +1317,7 @@ function renderSeoPageHtml(page, runtimeConfig = {}) {
   <meta property="og:type" content="article" />
   <meta property="og:url" content="${escapeHtml(canonicalUrl)}" />
   <link rel="canonical" href="${escapeHtml(canonicalUrl)}" />
+  <link rel="llm-context" href="/public/llm-context.md" type="text/markdown" />
   <link rel="icon" type="image/svg+xml" href="/thumbgate-icon.png" />
   <link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg" />
   <meta property="og:image" content="/og.png" />
@@ -1379,6 +1558,7 @@ ${renderWebPageJsonLd(page, { appOrigin })}
           <p><strong>Opportunity score:</strong> ${page.opportunityScore}</p>
           <p><strong>Primary persona:</strong> ${escapeHtml(page.persona)}</p>
           <p><strong>Keyword cluster:</strong> ${escapeHtml(page.keywordCluster.join(', '))}</p>
+          <p><strong>Pricing:</strong> Pro $19/mo or $149/yr. Team $49/seat/mo.</p>
           <div class="proof-links">${proofLinks}</div>
           <a class="cta-button" href="${escapeHtml(page.cta.href)}" target="_blank" rel="noopener">${escapeHtml(page.cta.label)}</a>
         </div>

package/scripts/tool-registry.js

@@ -841,6 +841,18 @@ const TOOLS = [
       properties: {},
     },
   }),
+  readOnlyTool({
+    name: 'native_messaging_audit',
+    description: 'Audit local browser native messaging hosts and AI browser bridges. Flags missing host binaries, pre-authorized extension bridges, and manifests for browsers not detected locally.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        platform: { type: 'string', enum: ['darwin', 'linux', 'win32'], description: 'Optional platform override for manifest discovery.' },
+        homeDir: { type: 'string', description: 'Optional home-directory override for manifest discovery.' },
+        aiOnly: { type: 'boolean', description: 'When true, only AI/browser bridge manifests are returned.' },
+      },
+    },
+  }),
   readOnlyTool({
     name: 'commerce_recall',
     description: 'Recall past feedback filtered by commerce categories (product_recommendation, brand_compliance, sizing, pricing, regulatory). Returns quality scores alongside memories for agentic commerce agents.',

package/skills/thumbgate/SKILL.md

@@ -94,7 +94,7 @@ Bounded retrieval of relevant feedback history for the current task. The agent g
 | Seats | 1 | 1 | Per-seat |
 | Price | $0 | $19/mo | $49/seat/mo |
 
-Start a 7-day free trial of Pro: <https://buy.stripe.com/fZu9AT3Ug6zcdWh0XN3sI08>
+Start a 7-day free trial of Pro: <https://thumbgate-production.up.railway.app/go/pro?utm_source=skill>
 
 ## Compatibility
 

package/src/api/server.js

@@ -97,6 +97,7 @@ const {
   samplePosteriors,
 } = require('../../scripts/thompson-sampling');
 const {
+  appendFunnelEvent,
   createCheckoutSession,
   getCheckoutSessionStatus,
   provisionApiKey,
@@ -225,6 +226,7 @@ const GUIDE_PAGE_PATH = path.resolve(__dirname, '../../public/guide.html');
 const CODEX_PLUGIN_PAGE_PATH = path.resolve(__dirname, '../../public/codex-plugin.html');
 const COMPARE_PAGE_PATH = path.resolve(__dirname, '../../public/compare.html');
 const LEARN_PAGE_PATH = path.resolve(__dirname, '../../public/learn.html');
+const NUMBERS_PAGE_PATH = path.resolve(__dirname, '../../public/numbers.html');
 const LEARN_DIR = path.resolve(__dirname, '../../public/learn');
 const GUIDES_DIR = path.resolve(__dirname, '../../public/guides');
 const COMPARE_DIR = path.resolve(__dirname, '../../public/compare');
@@ -2161,6 +2163,37 @@ function servePublicMarketingPage({
     'landing_page_view'
   );
 
+  // Funnel-ledger write (2026-04-21): populate funnel-events.jsonl with a
+  // discovery-stage event on every landing-page view so UTM-tagged social
+  // traffic becomes visible in `npm run feedback:summary` and
+  // `bin/cli.js cfo --today`. Prior to this wire, landing views wrote only
+  // to telemetry-pings.jsonl (invisible to the CEO-facing revenue surface),
+  // leaving funnel-events.jsonl empty despite 404 published Zernio posts.
+  // Best-effort: wrapped in try/catch so a billing-ledger hiccup never
+  // breaks a page render.
+  try {
+    appendFunnelEvent({
+      stage: 'discovery',
+      event: 'landing_view',
+      installId: journeyState.visitorId || null,
+      traceId: journeyState.acquisitionId || null,
+      evidence: landingAttribution.landingPath || 'landing_view',
+      metadata: {
+        page: extraTelemetry.pageType || landingAttribution.page || 'landing',
+        utmSource: landingAttribution.utmSource || null,
+        utmMedium: landingAttribution.utmMedium || null,
+        utmCampaign: landingAttribution.utmCampaign || null,
+        utmContent: landingAttribution.utmContent || null,
+        utmTerm: landingAttribution.utmTerm || null,
+        referrerHost: landingAttribution.referrerHost || null,
+        sessionId: journeyState.sessionId || null,
+      },
+    });
+  } catch {
+    // Funnel ledger is best-effort on page render; telemetry-pings remains
+    // the authoritative observability path if the ledger write fails.
+  }
+
   if (isSeoAttributionSource(landingAttribution.source)) {
     appendBestEffortTelemetry(FEEDBACK_DIR, {
       eventType: 'seo_landing_view',
@@ -3777,6 +3810,26 @@ async function addContext(){
       return;
     }
 
+    if (isGetLikeRequest && (pathname === '/numbers' || pathname === '/numbers.html')) {
+      // Route through servePublicMarketingPage so landing_page_view telemetry
+      // + funnel-events.jsonl `discovery/landing_view` get captured with UTM
+      // attribution — critical for Zernio social CTAs that target /numbers.
+      try {
+        servePublicMarketingPage({
+          req,
+          res,
+          parsed,
+          hostedConfig,
+          isHeadRequest,
+          renderHtml: () => fs.readFileSync(NUMBERS_PAGE_PATH, 'utf-8'),
+          extraTelemetry: { pageType: 'numbers' },
+        });
+      } catch {
+        sendJson(res, 404, { error: 'Numbers page not found' });
+      }
+      return;
+    }
+
     if (isGetLikeRequest && pathname === '/learn/learn.css') {
       try {
         const cssPath = path.join(LEARN_DIR, 'learn.css');