thumbgate 1.15.0 → 1.16.0

package/scripts/agent-memory-lifecycle.js

@@ -0,0 +1,96 @@
+#!/usr/bin/env node
+'use strict';
+
+const MEMORY_TYPES = new Set(['episodic', 'semantic', 'procedural', 'preference', 'working']);
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function normalizeMemoryType(value) {
+  const normalized = normalizeText(value).toLowerCase();
+  return MEMORY_TYPES.has(normalized) ? normalized : 'episodic';
+}
+
+function buildMemoryLifecyclePolicy(input = {}) {
+  return {
+    generatedAt: normalizeText(input.generatedAt) || new Date().toISOString(),
+    memoryTypes: [
+      {
+        type: 'working',
+        purpose: 'Short-lived task context.',
+        retention: 'session',
+        promotionGate: 'discard unless referenced by outcome evidence',
+      },
+      {
+        type: 'episodic',
+        purpose: 'Specific agent actions, feedback, and outcomes.',
+        retention: 'bounded_history',
+        promotionGate: 'requires actionable context and source trace',
+      },
+      {
+        type: 'semantic',
+        purpose: 'Consolidated facts, standards, and reusable lessons.',
+        retention: 'durable',
+        promotionGate: 'requires deduplication and contradiction check',
+      },
+      {
+        type: 'procedural',
+        purpose: 'Reusable workflows, prompt programs, and gates.',
+        retention: 'durable',
+        promotionGate: 'requires test or replay evidence',
+      },
+      {
+        type: 'preference',
+        purpose: 'Operator style and decision preferences.',
+        retention: 'durable_redactable',
+        promotionGate: 'requires explicit user signal',
+      },
+    ],
+    retrieval: {
+      defaultTopK: 8,
+      recencyWeight: 0.25,
+      semanticWeight: 0.5,
+      outcomeWeight: 0.25,
+      requireSourceAnchors: true,
+    },
+    privacy: {
+      piiScanRequired: true,
+      secretScanRequired: true,
+      exportRequiresRedaction: true,
+    },
+  };
+}
+
+function evaluateMemoryPromotion(memory = {}, policy = buildMemoryLifecyclePolicy()) {
+  const type = normalizeMemoryType(memory.type);
+  const content = normalizeText(memory.content);
+  const source = normalizeText(memory.source);
+  const outcome = normalizeText(memory.outcome);
+  const issues = [];
+
+  if (!content) issues.push('missing_content');
+  if (!source) issues.push('missing_source_anchor');
+  if (type !== 'preference' && !outcome) issues.push('missing_outcome');
+  if (/api[_-]?key|secret|password|token|bearer\s+[a-z0-9._-]+/i.test(content)) {
+    issues.push('secret_like_content');
+  }
+  if (type === 'preference' && memory.explicitUserSignal !== true) {
+    issues.push('preference_without_explicit_signal');
+  }
+
+  return {
+    type,
+    decision: issues.length === 0 ? 'promote' : 'hold',
+    issues,
+    retrievalEligible: issues.length === 0 || !issues.includes('secret_like_content'),
+    policyVersion: policy.generatedAt,
+  };
+}
+
+module.exports = {
+  buildMemoryLifecyclePolicy,
+  evaluateMemoryPromotion,
+  normalizeMemoryType,
+};

package/scripts/agent-readiness-plan.js

@@ -0,0 +1,118 @@
+'use strict';
+
+const DEFAULT_CHECKS = [
+  {
+    id: 'robots_ai_rules',
+    category: 'discoverability',
+    artifact: 'public/robots.txt',
+    requirement: 'Declare sitemap and AI bot access policy.',
+  },
+  {
+    id: 'sitemap',
+    category: 'discoverability',
+    artifact: 'public/sitemap.xml',
+    requirement: 'Expose canonical public pages for crawlers and AI agents.',
+  },
+  {
+    id: 'markdown_negotiation',
+    category: 'content_accessibility',
+    artifact: 'public/llm-context.md',
+    requirement: 'Offer dense Markdown context for agents that prefer text-first retrieval.',
+  },
+  {
+    id: 'mcp_server_card',
+    category: 'protocol_discovery',
+    artifact: 'public/.well-known/mcp-server.json',
+    requirement: 'Publish MCP discovery metadata for agent tools.',
+  },
+  {
+    id: 'agent_skills',
+    category: 'protocol_discovery',
+    artifact: 'public/.well-known/agent-skills.json',
+    requirement: 'Describe callable skills and evidence requirements.',
+  },
+  {
+    id: 'oauth_protected_resource',
+    category: 'api_auth',
+    artifact: 'public/.well-known/oauth-protected-resource',
+    requirement: 'Advertise protected API resource metadata when authenticated tools exist.',
+  },
+  {
+    id: 'agentic_commerce',
+    category: 'commerce',
+    artifact: 'public/.well-known/agentic-commerce.json',
+    requirement: 'Expose paid plan, checkout, refund, and support metadata for commerce agents.',
+  },
+];
+
+function normalizeExisting(existing = []) {
+  if (Array.isArray(existing)) return new Set(existing);
+  return new Set(Object.entries(existing).filter(([, present]) => present).map(([id]) => id));
+}
+
+function buildAgentReadinessPlan(options = {}) {
+  const baseUrl = options.baseUrl || 'https://thumbgate-production.up.railway.app';
+  const existing = normalizeExisting(options.existing);
+  const checks = (options.checks || DEFAULT_CHECKS).map((check) => {
+    const present = existing.has(check.id) || existing.has(check.artifact);
+    return {
+      ...check,
+      status: present ? 'present' : 'missing',
+      url: check.artifact.startsWith('public/')
+        ? `${baseUrl}/${check.artifact.replace(/^public\//, '')}`
+        : `${baseUrl}/${check.artifact}`,
+    };
+  });
+  const missing = checks.filter((check) => check.status === 'missing');
+
+  return {
+    baseUrl,
+    score: Math.round(((checks.length - missing.length) / checks.length) * 100),
+    checks,
+    quickWins: missing
+      .filter((check) => ['discoverability', 'content_accessibility', 'protocol_discovery'].includes(check.category))
+      .slice(0, 5)
+      .map((check) => ({
+        id: check.id,
+        action: `publish ${check.artifact}`,
+        reason: check.requirement,
+      })),
+    promotionAngles: [
+      'agent-ready pre-action gates',
+      'MCP-discoverable reliability gateway',
+      'machine-readable evidence before agent actions',
+      'commerce metadata for paid operator lanes',
+    ],
+  };
+}
+
+function evaluateAgentReadinessPlan(plan) {
+  const issues = [];
+  const required = [
+    'robots_ai_rules',
+    'sitemap',
+    'markdown_negotiation',
+    'mcp_server_card',
+  ];
+  const byId = new Map((plan.checks || []).map((check) => [check.id, check]));
+
+  for (const id of required) {
+    if (byId.get(id)?.status !== 'present') issues.push(`missing_${id}`);
+  }
+
+  if (!plan.baseUrl?.startsWith('https://')) {
+    issues.push('https_base_url_required');
+  }
+
+  return {
+    decision: issues.length ? 'warn' : 'allow',
+    issues,
+    score: plan.score || 0,
+  };
+}
+
+module.exports = {
+  DEFAULT_CHECKS,
+  buildAgentReadinessPlan,
+  evaluateAgentReadinessPlan,
+};

package/scripts/agentic-data-pipeline.js

@@ -17,7 +17,27 @@ const {
   serializeAnalyticsWindow,
 } = require('./analytics-window');
 const { appendWorkflowRun } = require('./workflow-runs');
-const { buildPredictiveInsights } = require('./predictive-insights');
+const {
+  createUnavailableReport,
+  loadOptionalModule,
+} = require('./private-core-boundary');
+const { buildPredictiveInsights } = loadOptionalModule('./predictive-insights', () => ({
+  buildPredictiveInsights: () => ({
+    opportunitySummary: [],
+    anomalySummary: { count: 0, severity: 'none' },
+    topCreators: [],
+    topSources: [],
+    upgradePropensity: {
+      pro: { band: 'unavailable', score: 0 },
+      team: { band: 'unavailable', score: 0 },
+    },
+    revenueForecast: {
+      predictedBookedRevenueCents: 0,
+      incrementalOpportunityCents: 0,
+    },
+    ...createUnavailableReport('Predictive insights'),
+  }),
+}));
 const { ensureDir } = require('./fs-utils');
 
 const PIPELINE_DIRNAME = 'agentic-data-pipeline';

package/scripts/agents-sdk-sandbox-plan.js

@@ -0,0 +1,57 @@
+'use strict';
+
+function buildAgentsSdkSandboxPlan(options = {}) {
+  const provider = options.provider || 'unix_local';
+  const mounts = options.mounts || [{ name: 'data', mode: 'read_only' }];
+  const outputDir = options.outputDir || 'outputs';
+
+  return {
+    harness: 'openai_agents_sdk_sandbox',
+    provider,
+    manifest: {
+      mounts,
+      outputDir,
+      network: options.network || 'disabled_by_default',
+      allowedCommands: options.allowedCommands || ['npm test', 'npm run test:coverage'],
+    },
+    separation: {
+      credentialsInSandbox: false,
+      toolBrokerOwnsSecrets: true,
+      sandboxGetsScopedFilesOnly: true,
+    },
+    durability: {
+      externalState: true,
+      checkpoints: ['manifest_loaded', 'tools_completed', 'patch_written', 'tests_run'],
+      rehydrateOnSandboxLoss: true,
+    },
+    gates: [
+      'read manifest before file access',
+      'write only under declared output or scoped repo path',
+      'cite source filenames for data-room answers',
+      'run configured verification before completion claim',
+      'persist decision journal outside sandbox',
+    ],
+  };
+}
+
+function evaluateSandboxPlan(plan = {}) {
+  const issues = [];
+  if (!plan.manifest?.mounts?.length) issues.push('missing_manifest_mounts');
+  if (!plan.manifest?.outputDir) issues.push('missing_output_dir');
+  if (plan.separation?.credentialsInSandbox !== false) issues.push('credentials_must_stay_outside_sandbox');
+  if (!plan.durability?.externalState) issues.push('external_state_required');
+  if (!plan.durability?.rehydrateOnSandboxLoss) issues.push('rehydration_required');
+  if (!Array.isArray(plan.gates) || !plan.gates.some((gate) => /verification/i.test(gate))) {
+    issues.push('verification_gate_required');
+  }
+
+  return {
+    decision: issues.length ? 'warn' : 'allow',
+    issues,
+  };
+}
+
+module.exports = {
+  buildAgentsSdkSandboxPlan,
+  evaluateSandboxPlan,
+};

package/scripts/ai-org-governance.js

@@ -0,0 +1,98 @@
+#!/usr/bin/env node
+'use strict';
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function normalizeBudget(value, fallback) {
+  const number = Number(value);
+  return Number.isFinite(number) && number >= 0 ? number : fallback;
+}
+
+function buildAiOrgGovernancePlan(input = {}) {
+  const mission = normalizeText(input.mission) || 'Continuously improve agent-governed workflows while staying within budget.';
+  const monthlyBudgetUsd = normalizeBudget(input.monthlyBudgetUsd, 25);
+  const roles = [
+    {
+      id: 'ceo',
+      title: 'Planner',
+      mission: 'Break goals into tickets, assign owners, and enforce ROI.',
+      monthlyBudgetUsd: normalizeBudget(input.ceoBudgetUsd, Math.min(10, monthlyBudgetUsd)),
+      canCreateAgents: false,
+    },
+    {
+      id: 'research_analyst',
+      title: 'Research Analyst',
+      mission: 'Collect market and technical signals into structured briefs.',
+      monthlyBudgetUsd: normalizeBudget(input.researchBudgetUsd, Math.min(5, monthlyBudgetUsd)),
+      canCreateAgents: false,
+    },
+    {
+      id: 'qa_operator',
+      title: 'QA Operator',
+      mission: 'Review evidence, tests, diffs, and spend anomalies before promotion.',
+      monthlyBudgetUsd: normalizeBudget(input.qaBudgetUsd, Math.min(5, monthlyBudgetUsd)),
+      canCreateAgents: false,
+    },
+  ];
+
+  return {
+    generatedAt: normalizeText(input.generatedAt) || new Date().toISOString(),
+    orgName: normalizeText(input.orgName) || 'ThumbGate Agent Company',
+    mission,
+    monthlyBudgetUsd,
+    roles,
+    ticketTemplates: [
+      {
+        id: 'market_signal_brief',
+        ownerRole: 'research_analyst',
+        outputSchema: ['source', 'claim', 'relevance', 'action', 'evidence'],
+      },
+      {
+        id: 'workflow_hardening',
+        ownerRole: 'ceo',
+        outputSchema: ['risk', 'gate', 'test', 'rollback', 'owner'],
+      },
+      {
+        id: 'evidence_review',
+        ownerRole: 'qa_operator',
+        outputSchema: ['claim', 'evidence', 'verdict', 'missing_proof'],
+      },
+    ],
+    approvalGates: [
+      'new_agent_role',
+      'budget_increase',
+      'credentialed_connector_write',
+      'production_release',
+      'public_claim_without_evidence',
+    ],
+    audit: {
+      daily: ['ticket outcomes', 'spend by role', 'blocked actions', 'open approvals'],
+      weekly: ['low ROI tickets', 'stale agents', 'budget cap changes', 'policy drift'],
+    },
+  };
+}
+
+function evaluateAiOrgAction(action = {}, plan = buildAiOrgGovernancePlan()) {
+  const type = normalizeText(action.type);
+  const issues = [];
+  if (type === 'create_agent') issues.push('new_agent_role');
+  if (type === 'raise_budget') issues.push('budget_increase');
+  if (type === 'connector_write') issues.push('credentialed_connector_write');
+  if (type === 'public_claim' && !(Array.isArray(action.evidence) && action.evidence.length > 0)) {
+    issues.push('public_claim_without_evidence');
+  }
+  const gateHits = issues.filter((issue) => plan.approvalGates.includes(issue));
+  return {
+    decision: gateHits.length > 0 ? 'warn' : 'allow',
+    gateHits,
+    requiredApproval: gateHits.length > 0,
+  };
+}
+
+module.exports = {
+  buildAiOrgGovernancePlan,
+  evaluateAiOrgAction,
+};

package/scripts/ai-search-distribution.js

@@ -0,0 +1,43 @@
+#!/usr/bin/env node
+'use strict';
+
+function buildAiSearchDistributionPlan(input = {}) {
+  const brand = input.brand || 'ThumbGate';
+  const canonicalUrl = input.canonicalUrl || 'https://thumbgate-production.up.railway.app';
+  const proofUrl = input.proofUrl || `${canonicalUrl}/VERIFICATION_EVIDENCE.md`;
+  const claims = [
+    `${brand} is a pre-action gate system for AI agents.`,
+    `${brand} turns thumbs-up/down feedback into enforceable prevention rules.`,
+    `${brand} blocks known-bad tool actions before execution when wired into the agent runtime.`,
+    `${brand} provides decision journals, evidence gates, and workflow hardening for agentic teams.`,
+  ];
+  return {
+    brand,
+    canonicalUrl,
+    proofUrl,
+    entityClaims: claims,
+    fragments: claims.map((claim, index) => ({
+      id: `thumbgate_entity_fragment_${index + 1}`,
+      text: claim,
+      schemaHint: 'SoftwareApplication',
+      proofUrl,
+    })),
+    distributionSurfaces: [
+      'public/llm-context.md',
+      'README.md',
+      'GitHub About',
+      'npm package description',
+      'LinkedIn post',
+      'newsletter/webinar page',
+      'comparison pages',
+    ],
+    measurement: {
+      primary: ['AI citations', 'branded search mentions', 'LLM recommendation presence'],
+      secondary: ['referral clicks', 'checkout starts', 'workflow sprint leads'],
+    },
+  };
+}
+
+module.exports = {
+  buildAiSearchDistributionPlan,
+};

package/scripts/artifact-agent-plan.js

@@ -0,0 +1,81 @@
+#!/usr/bin/env node
+'use strict';
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function normalizeTask(task, index = 0) {
+  const id = normalizeText(task?.id) || `task-${index + 1}`;
+  return {
+    id,
+    description: normalizeText(task?.description),
+    branchName: normalizeText(task?.branchName) || id.toLowerCase().replaceAll(/[^a-z0-9]+/g, '-'),
+    priority: Number.isFinite(Number(task?.priority)) ? Number(task.priority) : index + 1,
+  };
+}
+
+function buildArtifactAgentPlan(input = {}) {
+  const baselineName = normalizeText(input.baselineName) || 'baseline';
+  const gitUrl = normalizeText(input.gitUrl) || 'https://github.com/IgorGanapolsky/ThumbGate.git';
+  const tasks = Array.isArray(input.tasks) ? input.tasks.map(normalizeTask) : [];
+  const forks = tasks.map((task) => ({
+    taskId: task.id,
+    forkName: `${baselineName}-${task.id}`.toLowerCase().replaceAll(/[^a-z0-9-]+/g, '-'),
+    branchName: task.branchName,
+    artifactRemote: null,
+    tokenRef: `artifact_token_${task.id}`,
+    status: 'planned',
+  }));
+
+  return {
+    generatedAt: normalizeText(input.generatedAt) || new Date().toISOString(),
+    baseline: {
+      name: baselineName,
+      gitUrl,
+      importIfMissing: true,
+    },
+    taskSchema: {
+      required: ['id', 'description', 'branchName', 'priority'],
+      properties: {
+        id: 'stable task identifier',
+        description: 'agent-readable task description',
+        branchName: 'deterministic branch/fork suffix',
+        priority: 'lower number runs first',
+      },
+    },
+    tasks,
+    forks,
+    runnerContract: {
+      filesystem: 'in_memory_git',
+      tools: ['read(path)', 'write(path, contents)', 'run_tests(command)', 'commit(message)'],
+      constraints: [
+        'read before write',
+        'minimize changes',
+        'commit every successful task',
+        'never expose artifact tokens in logs',
+      ],
+    },
+    reviewGate: {
+      requiredBeforeMerge: [
+        'diff summary',
+        'changed files',
+        'test output',
+        'decision journal entry',
+        'human or reviewer-agent approval',
+      ],
+      blockedWithout: ['baseline comparison', 'rollback path', 'evidence artifacts'],
+    },
+    observability: {
+      events: ['task_created', 'fork_created', 'agent_started', 'tool_call', 'commit_pushed', 'reviewed', 'merged_or_rejected'],
+      metrics: ['task_latency_ms', 'tool_call_count', 'test_pass_rate', 'review_reject_rate'],
+      traceKey: 'artifact_task_id',
+    },
+  };
+}
+
+module.exports = {
+  buildArtifactAgentPlan,
+  normalizeTask,
+};

package/scripts/billing.js

@@ -30,7 +30,6 @@ const {
   resolveFallbackArtifactPath,
 } = require('./feedback-paths');
 const { getTelemetryAnalytics, getTelemetrySourceDiagnostics } = require('./telemetry-analytics');
-const { loadWorkflowSprintLeads } = require('./workflow-sprint-intake');
 const {
   PRO_MONTHLY_PRICE_ID,
   PRO_ANNUAL_PRICE_ID,
@@ -52,6 +51,12 @@ const {
 const { ensureParentDir } = require('./fs-utils');
 const mailer = require('./mailer');
 
+function loadWorkflowSprintIntakeModule() {
+  const modulePath = path.resolve(__dirname, 'workflow-sprint-intake.js');
+  if (!fs.existsSync(modulePath)) return null;
+  return require(modulePath);
+}
+
 // ---------------------------------------------------------------------------
 // Config
 // ---------------------------------------------------------------------------
@@ -400,10 +405,23 @@ function resolveCheckoutBrandUrls(appOrigin) {
   const origin = resolvePublicAppOrigin(appOrigin);
   return {
     icon: joinPublicUrl(origin, '/assets/brand/thumbgate-icon-512.png'),
+    iconPro: joinPublicUrl(origin, '/assets/brand/thumbgate-icon-pro-512.png'),
+    iconTeam: joinPublicUrl(origin, '/assets/brand/thumbgate-icon-team-512.png'),
     logo: joinPublicUrl(origin, '/assets/brand/thumbgate-logo-1200x360.png'),
   };
 }
 
+// Resolve the per-tier product image that ships to Stripe `product_data.images`.
+// Keeping three distinct URLs means the Stripe dashboard and checkout surface
+// never show twins for Free/Pro/Team; see tests/billing-tier-icons.test.js.
+function resolveTierIconUrl(planId, appOrigin) {
+  const brandUrls = resolveCheckoutBrandUrls(appOrigin);
+  const normalized = typeof planId === 'string' ? planId.toLowerCase() : '';
+  if (normalized === 'team') return brandUrls.iconTeam;
+  if (normalized === 'pro') return brandUrls.iconPro;
+  return brandUrls.icon;
+}
+
 function buildCheckoutBrandingSettings(appOrigin) {
   const brandUrls = resolveCheckoutBrandUrls(appOrigin);
   return {
@@ -419,12 +437,11 @@ function buildCheckoutBrandingSettings(appOrigin) {
   };
 }
 
-function buildCheckoutProductData({ name, description, appOrigin }) {
-  const brandUrls = resolveCheckoutBrandUrls(appOrigin);
+function buildCheckoutProductData({ name, description, appOrigin, planId }) {
   return {
     name,
     description,
-    images: [brandUrls.icon],
+    images: [resolveTierIconUrl(planId, appOrigin)],
   };
 }
 
@@ -443,9 +460,10 @@ function buildSubscriptionPriceData(checkoutSelection, appOrigin) {
     product_data: buildCheckoutProductData({
       name: isTeam ? 'ThumbGate Team' : 'ThumbGate Pro',
       description: isTeam
-        ? 'Shared Pre-Action Gates, team governance, and workflow hardening for AI coding agents.'
-        : 'Local dashboard, DPO export, and Pre-Action Gates for AI coding agents.',
+        ? 'Shared Pre-Action Checks, team governance, and workflow hardening for AI coding agents.'
+        : 'Local dashboard, DPO export, and Pre-Action Checks for AI coding agents.',
       appOrigin,
+      planId: isTeam ? 'team' : 'pro',
     }),
   };
 }
@@ -516,7 +534,7 @@ function buildTrialActivationEmail({ customerEmail, apiKey, sessionId, planId, a
   const subject = 'Your 7-day ThumbGate Pro trial is live';
   const preheader = 'Activate Pro in one command, open the dashboard, and start blocking repeated AI coding mistakes.';
   const headline = 'Your 7-day ThumbGate Pro trial is live.';
-  const intro = 'ThumbGate turns thumbs up/down feedback into Pre-Action Gates that stop repeated AI coding mistakes before the next tool call. It keeps lessons local and turns repeated mistakes into Reliability Gateway blocks.';
+  const intro = 'ThumbGate turns thumbs up/down feedback into Pre-Action Checks that stop repeated AI coding mistakes before the next tool call. It keeps lessons local and turns repeated mistakes into Reliability Gateway blocks.';
   const exampleFeedback = 'thumbs down: the answer skipped exact files and tests; next time include paths, commands, and verification evidence.';
   const safeDashboardUrl = escapeHtml(dashboardUrl);
   const safeDocsUrl = escapeHtml(docsUrl);
@@ -1759,8 +1777,9 @@ function getBusinessAnalytics(options = {}) {
     (entry) => entry && entry.timestamp
   );
   const revenueEvents = loadResolvedRevenueEvents({ ...analyticsWindow, extraRevenueEvents });
+  const workflowSprintIntake = loadWorkflowSprintIntakeModule();
   const workflowSprintLeads = filterEntriesForWindow(
-    loadWorkflowSprintLeads(),
+    workflowSprintIntake ? workflowSprintIntake.loadWorkflowSprintLeads() : [],
     analyticsWindow,
     (entry) => entry && entry.submittedAt
   );

package/scripts/cli-schema.js

@@ -92,7 +92,7 @@ const CLI_COMMANDS = [
   },
   {
     name: 'gate-stats',
-    description: 'Gate engine statistics — active gates, blocks, warns, time saved',
+    description: 'Check engine statistics — active checks, blocks, warns, time saved',
     group: 'discovery',
     flags: [
       { name: 'json', type: 'boolean', description: 'Output as JSON' },
@@ -128,12 +128,28 @@ const CLI_COMMANDS = [
   discoveryCommand({
     name: 'harness-audit',
     aliases: ['harness'],
-    description: 'Score global docs, MCP discovery, and specialized gate harnesses',
+    description: 'Score global docs, MCP discovery, and specialized check harnesses',
     flags: [
       jsonFlag(),
       { name: 'doc-token-budget', type: 'number', description: 'Global docs budget (default 9000)' },
     ],
   }),
+  discoveryCommand({
+    name: 'eval',
+    aliases: ['prompt-eval'],
+    description: 'Turn feedback into reusable prompt/workflow eval proof',
+    flags: [
+      jsonFlag(),
+      { name: 'from-feedback', type: 'boolean', description: 'Generate eval cases from feedback-log.jsonl' },
+      { name: 'feedback-log', type: 'string', description: 'Explicit feedback-log.jsonl path' },
+      { name: 'feedback-dir', type: 'string', description: 'Explicit ThumbGate feedback directory' },
+      { name: 'suite', type: 'string', description: 'Run an existing prompt eval suite' },
+      { name: 'write-suite', type: 'string', description: 'Write generated suite JSON' },
+      { name: 'write-report', type: 'string', description: 'Write Markdown proof report' },
+      { name: 'min-score', type: 'number', description: 'Minimum passing score (default 80)' },
+      { name: 'max-cases', type: 'number', description: 'Maximum feedback-derived cases (default 25)' },
+    ],
+  }),
   discoveryCommand({
     name: 'native-messaging-audit',
     aliases: ['bridge-audit'],