thumbgate 1.14.1 → 1.16.0

package/scripts/ai-org-governance.js

@@ -0,0 +1,98 @@
+#!/usr/bin/env node
+'use strict';
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function normalizeBudget(value, fallback) {
+  const number = Number(value);
+  return Number.isFinite(number) && number >= 0 ? number : fallback;
+}
+
+function buildAiOrgGovernancePlan(input = {}) {
+  const mission = normalizeText(input.mission) || 'Continuously improve agent-governed workflows while staying within budget.';
+  const monthlyBudgetUsd = normalizeBudget(input.monthlyBudgetUsd, 25);
+  const roles = [
+    {
+      id: 'ceo',
+      title: 'Planner',
+      mission: 'Break goals into tickets, assign owners, and enforce ROI.',
+      monthlyBudgetUsd: normalizeBudget(input.ceoBudgetUsd, Math.min(10, monthlyBudgetUsd)),
+      canCreateAgents: false,
+    },
+    {
+      id: 'research_analyst',
+      title: 'Research Analyst',
+      mission: 'Collect market and technical signals into structured briefs.',
+      monthlyBudgetUsd: normalizeBudget(input.researchBudgetUsd, Math.min(5, monthlyBudgetUsd)),
+      canCreateAgents: false,
+    },
+    {
+      id: 'qa_operator',
+      title: 'QA Operator',
+      mission: 'Review evidence, tests, diffs, and spend anomalies before promotion.',
+      monthlyBudgetUsd: normalizeBudget(input.qaBudgetUsd, Math.min(5, monthlyBudgetUsd)),
+      canCreateAgents: false,
+    },
+  ];
+
+  return {
+    generatedAt: normalizeText(input.generatedAt) || new Date().toISOString(),
+    orgName: normalizeText(input.orgName) || 'ThumbGate Agent Company',
+    mission,
+    monthlyBudgetUsd,
+    roles,
+    ticketTemplates: [
+      {
+        id: 'market_signal_brief',
+        ownerRole: 'research_analyst',
+        outputSchema: ['source', 'claim', 'relevance', 'action', 'evidence'],
+      },
+      {
+        id: 'workflow_hardening',
+        ownerRole: 'ceo',
+        outputSchema: ['risk', 'gate', 'test', 'rollback', 'owner'],
+      },
+      {
+        id: 'evidence_review',
+        ownerRole: 'qa_operator',
+        outputSchema: ['claim', 'evidence', 'verdict', 'missing_proof'],
+      },
+    ],
+    approvalGates: [
+      'new_agent_role',
+      'budget_increase',
+      'credentialed_connector_write',
+      'production_release',
+      'public_claim_without_evidence',
+    ],
+    audit: {
+      daily: ['ticket outcomes', 'spend by role', 'blocked actions', 'open approvals'],
+      weekly: ['low ROI tickets', 'stale agents', 'budget cap changes', 'policy drift'],
+    },
+  };
+}
+
+function evaluateAiOrgAction(action = {}, plan = buildAiOrgGovernancePlan()) {
+  const type = normalizeText(action.type);
+  const issues = [];
+  if (type === 'create_agent') issues.push('new_agent_role');
+  if (type === 'raise_budget') issues.push('budget_increase');
+  if (type === 'connector_write') issues.push('credentialed_connector_write');
+  if (type === 'public_claim' && !(Array.isArray(action.evidence) && action.evidence.length > 0)) {
+    issues.push('public_claim_without_evidence');
+  }
+  const gateHits = issues.filter((issue) => plan.approvalGates.includes(issue));
+  return {
+    decision: gateHits.length > 0 ? 'warn' : 'allow',
+    gateHits,
+    requiredApproval: gateHits.length > 0,
+  };
+}
+
+module.exports = {
+  buildAiOrgGovernancePlan,
+  evaluateAiOrgAction,
+};

package/scripts/ai-search-distribution.js

@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+'use strict';
+
+function buildAiSearchDistributionPlan(input = {}) {
+  const brand = input.brand || 'ThumbGate';
+  const canonicalUrl = input.canonicalUrl || 'https://thumbgate-production.up.railway.app';
+  const proofUrl = input.proofUrl || `${canonicalUrl}/VERIFICATION_EVIDENCE.md`;
+  const claims = [
+    `${brand} is a pre-action gate system for AI agents.`,
+    `${brand} turns thumbs-up/down feedback into enforceable prevention rules.`,
+    `${brand} blocks known-bad tool actions before execution when wired into the agent runtime.`,
+    `${brand} provides decision journals, evidence gates, and workflow hardening for agentic teams.`,
+  ];
+  return {
+    brand,
+    canonicalUrl,
+    proofUrl,
+    entityClaims: claims,
+    fragments: claims.map((claim, index) => ({
+      id: `thumbgate_entity_fragment_${index + 1}`,
+      text: claim,
+      schemaHint: 'SoftwareApplication',
+      proofUrl,
+    })),
+    distributionSurfaces: [
+      'public/llm-context.md',
+      'README.md',
+      'GitHub About',
+      'npm package description',
+      'LinkedIn post',
+      'newsletter/webinar page',
+      'comparison pages',
+    ],
+    measurement: {
+      primary: ['AI citations', 'branded search mentions', 'LLM recommendation presence'],
+      secondary: ['referral clicks', 'checkout starts', 'workflow sprint leads'],
+    },
+  };
+}
+
+module.exports = {
+  buildAiSearchDistributionPlan,
+};

package/scripts/artifact-agent-plan.js

@@ -0,0 +1,81 @@
+#!/usr/bin/env node
+'use strict';
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function normalizeTask(task, index = 0) {
+  const id = normalizeText(task?.id) || `task-${index + 1}`;
+  return {
+    id,
+    description: normalizeText(task?.description),
+    branchName: normalizeText(task?.branchName) || id.toLowerCase().replaceAll(/[^a-z0-9]+/g, '-'),
+    priority: Number.isFinite(Number(task?.priority)) ? Number(task.priority) : index + 1,
+  };
+}
+
+function buildArtifactAgentPlan(input = {}) {
+  const baselineName = normalizeText(input.baselineName) || 'baseline';
+  const gitUrl = normalizeText(input.gitUrl) || 'https://github.com/IgorGanapolsky/ThumbGate.git';
+  const tasks = Array.isArray(input.tasks) ? input.tasks.map(normalizeTask) : [];
+  const forks = tasks.map((task) => ({
+    taskId: task.id,
+    forkName: `${baselineName}-${task.id}`.toLowerCase().replaceAll(/[^a-z0-9-]+/g, '-'),
+    branchName: task.branchName,
+    artifactRemote: null,
+    tokenRef: `artifact_token_${task.id}`,
+    status: 'planned',
+  }));
+
+  return {
+    generatedAt: normalizeText(input.generatedAt) || new Date().toISOString(),
+    baseline: {
+      name: baselineName,
+      gitUrl,
+      importIfMissing: true,
+    },
+    taskSchema: {
+      required: ['id', 'description', 'branchName', 'priority'],
+      properties: {
+        id: 'stable task identifier',
+        description: 'agent-readable task description',
+        branchName: 'deterministic branch/fork suffix',
+        priority: 'lower number runs first',
+      },
+    },
+    tasks,
+    forks,
+    runnerContract: {
+      filesystem: 'in_memory_git',
+      tools: ['read(path)', 'write(path, contents)', 'run_tests(command)', 'commit(message)'],
+      constraints: [
+        'read before write',
+        'minimize changes',
+        'commit every successful task',
+        'never expose artifact tokens in logs',
+      ],
+    },
+    reviewGate: {
+      requiredBeforeMerge: [
+        'diff summary',
+        'changed files',
+        'test output',
+        'decision journal entry',
+        'human or reviewer-agent approval',
+      ],
+      blockedWithout: ['baseline comparison', 'rollback path', 'evidence artifacts'],
+    },
+    observability: {
+      events: ['task_created', 'fork_created', 'agent_started', 'tool_call', 'commit_pushed', 'reviewed', 'merged_or_rejected'],
+      metrics: ['task_latency_ms', 'tool_call_count', 'test_pass_rate', 'review_reject_rate'],
+      traceKey: 'artifact_task_id',
+    },
+  };
+}
+
+module.exports = {
+  buildArtifactAgentPlan,
+  normalizeTask,
+};

package/scripts/billing.js

@@ -30,7 +30,6 @@ const {
   resolveFallbackArtifactPath,
 } = require('./feedback-paths');
 const { getTelemetryAnalytics, getTelemetrySourceDiagnostics } = require('./telemetry-analytics');
-const { loadWorkflowSprintLeads } = require('./workflow-sprint-intake');
 const {
   PRO_MONTHLY_PRICE_ID,
   PRO_ANNUAL_PRICE_ID,
@@ -52,6 +51,12 @@ const {
 const { ensureParentDir } = require('./fs-utils');
 const mailer = require('./mailer');
 
+function loadWorkflowSprintIntakeModule() {
+  const modulePath = path.resolve(__dirname, 'workflow-sprint-intake.js');
+  if (!fs.existsSync(modulePath)) return null;
+  return require(modulePath);
+}
+
 // ---------------------------------------------------------------------------
 // Config
 // ---------------------------------------------------------------------------
@@ -400,10 +405,23 @@ function resolveCheckoutBrandUrls(appOrigin) {
   const origin = resolvePublicAppOrigin(appOrigin);
   return {
     icon: joinPublicUrl(origin, '/assets/brand/thumbgate-icon-512.png'),
+    iconPro: joinPublicUrl(origin, '/assets/brand/thumbgate-icon-pro-512.png'),
+    iconTeam: joinPublicUrl(origin, '/assets/brand/thumbgate-icon-team-512.png'),
     logo: joinPublicUrl(origin, '/assets/brand/thumbgate-logo-1200x360.png'),
   };
 }
 
+// Resolve the per-tier product image that ships to Stripe `product_data.images`.
+// Keeping three distinct URLs means the Stripe dashboard and checkout surface
+// never show twins for Free/Pro/Team; see tests/billing-tier-icons.test.js.
+function resolveTierIconUrl(planId, appOrigin) {
+  const brandUrls = resolveCheckoutBrandUrls(appOrigin);
+  const normalized = typeof planId === 'string' ? planId.toLowerCase() : '';
+  if (normalized === 'team') return brandUrls.iconTeam;
+  if (normalized === 'pro') return brandUrls.iconPro;
+  return brandUrls.icon;
+}
+
 function buildCheckoutBrandingSettings(appOrigin) {
   const brandUrls = resolveCheckoutBrandUrls(appOrigin);
   return {
@@ -419,12 +437,11 @@ function buildCheckoutBrandingSettings(appOrigin) {
   };
 }
 
-function buildCheckoutProductData({ name, description, appOrigin }) {
-  const brandUrls = resolveCheckoutBrandUrls(appOrigin);
+function buildCheckoutProductData({ name, description, appOrigin, planId }) {
   return {
     name,
     description,
-    images: [brandUrls.icon],
+    images: [resolveTierIconUrl(planId, appOrigin)],
   };
 }
 
@@ -443,9 +460,10 @@ function buildSubscriptionPriceData(checkoutSelection, appOrigin) {
     product_data: buildCheckoutProductData({
       name: isTeam ? 'ThumbGate Team' : 'ThumbGate Pro',
       description: isTeam
-        ? 'Shared Pre-Action Gates, team governance, and workflow hardening for AI coding agents.'
-        : 'Local dashboard, DPO export, and Pre-Action Gates for AI coding agents.',
+        ? 'Shared Pre-Action Checks, team governance, and workflow hardening for AI coding agents.'
+        : 'Local dashboard, DPO export, and Pre-Action Checks for AI coding agents.',
       appOrigin,
+      planId: isTeam ? 'team' : 'pro',
     }),
   };
 }
@@ -516,7 +534,7 @@ function buildTrialActivationEmail({ customerEmail, apiKey, sessionId, planId, a
   const subject = 'Your 7-day ThumbGate Pro trial is live';
   const preheader = 'Activate Pro in one command, open the dashboard, and start blocking repeated AI coding mistakes.';
   const headline = 'Your 7-day ThumbGate Pro trial is live.';
-  const intro = 'ThumbGate turns thumbs up/down feedback into Pre-Action Gates that stop repeated AI coding mistakes before the next tool call. It keeps lessons local and turns repeated mistakes into Reliability Gateway blocks.';
+  const intro = 'ThumbGate turns thumbs up/down feedback into Pre-Action Checks that stop repeated AI coding mistakes before the next tool call. It keeps lessons local and turns repeated mistakes into Reliability Gateway blocks.';
   const exampleFeedback = 'thumbs down: the answer skipped exact files and tests; next time include paths, commands, and verification evidence.';
   const safeDashboardUrl = escapeHtml(dashboardUrl);
   const safeDocsUrl = escapeHtml(docsUrl);
@@ -1759,8 +1777,9 @@ function getBusinessAnalytics(options = {}) {
     (entry) => entry && entry.timestamp
   );
   const revenueEvents = loadResolvedRevenueEvents({ ...analyticsWindow, extraRevenueEvents });
+  const workflowSprintIntake = loadWorkflowSprintIntakeModule();
   const workflowSprintLeads = filterEntriesForWindow(
-    loadWorkflowSprintLeads(),
+    workflowSprintIntake ? workflowSprintIntake.loadWorkflowSprintLeads() : [],
     analyticsWindow,
     (entry) => entry && entry.submittedAt
   );

package/scripts/cli-feedback.js

@@ -73,7 +73,8 @@ function processInlineFeedback({ signal, context, chatHistory, whatWentWrong, wh
  */
 function formatCliOutput(result) {
   const lines = [];
-  const isDown = result.feedbackResult && result.feedbackResult.signal === 'negative';
+  const feedbackSignal = result.feedbackResult?.signal || result.feedbackResult?.feedbackEvent?.signal;
+  const isDown = ['down', 'negative', 'thumbs_down'].includes(feedbackSignal);
 
   // Header
   if (result.feedbackResult && result.feedbackResult.accepted !== false) {

package/scripts/cli-schema.js

@@ -10,6 +10,27 @@
  * Groups: capture | discovery | gates | export | ops | advanced
  */
 
+function jsonFlag() {
+  return { name: 'json', type: 'boolean', description: 'Output as JSON' };
+}
+
+function discoveryCommand({
+  name,
+  aliases = [],
+  description,
+  mcpTool,
+  flags = [],
+}) {
+  return {
+    name,
+    aliases,
+    description,
+    group: 'discovery',
+    ...(mcpTool ? { mcpTool } : {}),
+    flags,
+  };
+}
+
 const CLI_COMMANDS = [
   // -------------------------------------------------------------------------
   // Capture
@@ -71,7 +92,7 @@ const CLI_COMMANDS = [
   },
   {
     name: 'gate-stats',
-    description: 'Gate engine statistics — active gates, blocks, warns, time saved',
+    description: 'Check engine statistics — active checks, blocks, warns, time saved',
     group: 'discovery',
     flags: [
       { name: 'json', type: 'boolean', description: 'Output as JSON' },
@@ -99,14 +120,48 @@ const CLI_COMMANDS = [
       { name: 'json',   type: 'boolean', description: 'Output as JSON' },
     ],
   },
-  {
+  discoveryCommand({
     name: 'doctor',
     description: 'Audit runtime isolation, bootstrap context, and permission tier',
-    group: 'discovery',
+    flags: [jsonFlag()],
+  }),
+  discoveryCommand({
+    name: 'harness-audit',
+    aliases: ['harness'],
+    description: 'Score global docs, MCP discovery, and specialized check harnesses',
     flags: [
-      { name: 'json', type: 'boolean', description: 'Output as JSON' },
+      jsonFlag(),
+      { name: 'doc-token-budget', type: 'number', description: 'Global docs budget (default 9000)' },
     ],
-  },
+  }),
+  discoveryCommand({
+    name: 'eval',
+    aliases: ['prompt-eval'],
+    description: 'Turn feedback into reusable prompt/workflow eval proof',
+    flags: [
+      jsonFlag(),
+      { name: 'from-feedback', type: 'boolean', description: 'Generate eval cases from feedback-log.jsonl' },
+      { name: 'feedback-log', type: 'string', description: 'Explicit feedback-log.jsonl path' },
+      { name: 'feedback-dir', type: 'string', description: 'Explicit ThumbGate feedback directory' },
+      { name: 'suite', type: 'string', description: 'Run an existing prompt eval suite' },
+      { name: 'write-suite', type: 'string', description: 'Write generated suite JSON' },
+      { name: 'write-report', type: 'string', description: 'Write Markdown proof report' },
+      { name: 'min-score', type: 'number', description: 'Minimum passing score (default 80)' },
+      { name: 'max-cases', type: 'number', description: 'Maximum feedback-derived cases (default 25)' },
+    ],
+  }),
+  discoveryCommand({
+    name: 'native-messaging-audit',
+    aliases: ['bridge-audit'],
+    description: 'Audit local browser native messaging hosts and AI browser bridges',
+    mcpTool: 'native_messaging_audit',
+    flags: [
+      jsonFlag(),
+      { name: 'platform', type: 'string', description: 'Override platform detection (darwin | linux | win32)' },
+      { name: 'home-dir', type: 'string', description: 'Override home directory for manifest discovery' },
+      { name: 'ai-only', type: 'boolean', description: 'Only report AI/browser bridge manifests' },
+    ],
+  }),
   {
     name: 'lesson-health',
     aliases: ['stale'],

package/scripts/code-mode-mcp-plan.js

@@ -0,0 +1,71 @@
+'use strict';
+
+function estimateToolSchemaTokens(endpointCount, tokensPerEndpoint = 450) {
+  return Math.max(0, Number(endpointCount || 0) * Number(tokensPerEndpoint || 0));
+}
+
+function buildCodeModeMcpPlan(options = {}) {
+  const endpointCount = Number(options.endpointCount || 0);
+  const traditionalTokens = estimateToolSchemaTokens(endpointCount, options.tokensPerEndpoint);
+  const codeModeTokens = Number(options.codeModeTokens || 1000);
+
+  return {
+    pattern: 'code_mode_mcp',
+    endpointCount,
+    traditionalTokens,
+    codeModeTokens,
+    tokenReductionPercent: traditionalTokens > 0
+      ? Number((((traditionalTokens - codeModeTokens) / traditionalTokens) * 100).toFixed(2))
+      : 0,
+    tools: [
+      {
+        name: 'search',
+        purpose: 'Find the relevant API area, path, operation, or type without loading the whole schema into context.',
+      },
+      {
+        name: 'execute',
+        purpose: 'Run a bounded code snippet against typed API helpers inside a sandbox.',
+      },
+    ],
+    sandbox: {
+      filesystem: 'none',
+      environmentVariables: 'not_exposed',
+      outboundRequests: 'explicit_handlers_only',
+      maxExecutionMs: Number(options.maxExecutionMs || 10000),
+    },
+    gates: [
+      'search before execute',
+      'execute only against typed helper SDK',
+      'block raw credential access',
+      'record code snippet and API calls in audit log',
+      'require idempotency key for write operations',
+    ],
+  };
+}
+
+function evaluateCodeModeMcpPlan(plan = {}) {
+  const issues = [];
+  if (Number(plan.endpointCount || 0) < 100) issues.push('api_surface_too_small_for_code_mode');
+  if (!Array.isArray(plan.tools) || plan.tools.length !== 2) issues.push('expected_search_and_execute_only');
+  if (plan.sandbox?.filesystem !== 'none') issues.push('filesystem_must_be_disabled');
+  if (plan.sandbox?.environmentVariables !== 'not_exposed') issues.push('env_vars_must_not_be_exposed');
+  if (plan.sandbox?.outboundRequests !== 'explicit_handlers_only') issues.push('outbound_requests_need_handlers');
+  if (!Array.isArray(plan.gates) || !plan.gates.includes('search before execute')) {
+    issues.push('search_before_execute_required');
+  }
+  if (!Array.isArray(plan.gates) || !plan.gates.includes('require idempotency key for write operations')) {
+    issues.push('write_idempotency_required');
+  }
+
+  return {
+    decision: issues.length ? 'warn' : 'allow',
+    issues,
+    tokenReductionPercent: plan.tokenReductionPercent || 0,
+  };
+}
+
+module.exports = {
+  buildCodeModeMcpPlan,
+  estimateToolSchemaTokens,
+  evaluateCodeModeMcpPlan,
+};

package/scripts/commercial-offer.js

@@ -1,6 +1,6 @@
 'use strict';
 
-const PRO_MONTHLY_PAYMENT_LINK = 'https://buy.stripe.com/7sYcN5bmIf5IcSd8qf3sI0a';
+const PRO_MONTHLY_PAYMENT_LINK = 'https://thumbgate-production.up.railway.app/go/pro?utm_source=offer';
 const PRO_ANNUAL_PAYMENT_LINK = 'https://buy.stripe.com/3cI8wPfCYaPs2dzdKz3sI07';
 
 const PRO_MONTHLY_PRICE_ID = 'price_1THQY7GGBpd520QYHoS7RG0J';

package/scripts/context-engine.js

@@ -9,8 +9,7 @@
  * topical bundles and route queries to the most relevant subset. This reduces
  * MCP tool calls and context window consumption.
  *
- * Ported from Subway_RN_Demo/scripts/context-engine.js for ThumbGate.
- * Ported from Subway_RN_Demo/scripts/context-engine.js for thumbgate.
+ * Context assembly engine for ThumbGate feedback memory.
  * PATH: PROJECT_ROOT = path.join(__dirname, '..') — 1 level up from scripts/
  */
 

package/scripts/context-manager.js

@@ -26,7 +26,10 @@ const {
   readSessionHandoff,
   recordProvenance,
 } = require('./contextfs');
-const { retrieveRelevantLessons } = require('./lesson-retrieval');
+const { loadOptionalModule } = require('./private-core-boundary');
+const { retrieveRelevantLessons } = loadOptionalModule('./lesson-retrieval', () => ({
+  retrieveRelevantLessons: () => [],
+}));
 const { evaluatePretool } = require('./hybrid-feedback-context');
 const { loadProfile } = require('./user-profile');
 const {