thumbgate 1.16.19 → 1.16.21

package/src/api/server.js

@@ -13,6 +13,9 @@ const {
 const POSTHOG_API_PATHS = new Set(['/capture', '/batch', '/decide', '/e', '/engage']);
 const POSTHOG_INGEST_HOST = 'us.i.posthog.com';
 const POSTHOG_STATIC_PATH_PREFIX = '/static/';
+const FIRST_FAILURE_RULE_CHECKOUT_URL = 'https://buy.stripe.com/4gM6oHgH2bTw4lH6i73sI0z';
+const QUICK_READ_CHECKOUT_URL = 'https://buy.stripe.com/aFa8wPgH29Lo4lH35V3sI0w';
+const WORKFLOW_TEARDOWN_CHECKOUT_URL = 'https://buy.stripe.com/7sYfZhgH29LodWhdKz3sI0v';
 
 function getPosthogProxyPath(pathname) {
   return pathname.slice('/ingest'.length) || '/';
@@ -1453,6 +1456,61 @@ function buildCheckoutFallbackUrl(baseUrl, metadata = {}) {
   return restoreStripeCheckoutPlaceholder(url.toString());
 }
 
+function buildCheckoutIntentHref(baseUrl, metadata = {}, overrides = {}) {
+  return buildCheckoutFallbackUrl(baseUrl, {
+    ...metadata,
+    ...overrides,
+  });
+}
+
+function renderCheckoutIntentPage({
+  confirmHref,
+  firstRuleCheckoutHref,
+  quickReadCheckoutHref,
+  workflowTeardownCheckoutHref,
+  workflowIntakeHref,
+  teamOptionsHref,
+  diagnosticCheckoutHref,
+  sprintCheckoutHref,
+  sprintDiagnosticPriceDollars = 499,
+  workflowSprintPriceDollars = 1500,
+}) {
+  const safeConfirmHref = escapeHtmlAttribute(confirmHref);
+  const safeFirstRuleCheckoutHref = firstRuleCheckoutHref
+    ? escapeHtmlAttribute(firstRuleCheckoutHref)
+    : '';
+  const safeQuickReadCheckoutHref = quickReadCheckoutHref
+    ? escapeHtmlAttribute(quickReadCheckoutHref)
+    : '';
+  const safeWorkflowTeardownCheckoutHref = workflowTeardownCheckoutHref
+    ? escapeHtmlAttribute(workflowTeardownCheckoutHref)
+    : '';
+  const safeWorkflowIntakeHref = escapeHtmlAttribute(workflowIntakeHref);
+  const safeTeamOptionsHref = escapeHtmlAttribute(teamOptionsHref);
+  const safeDiagnosticCheckoutHref = diagnosticCheckoutHref
+    ? escapeHtmlAttribute(diagnosticCheckoutHref)
+    : '';
+  const safeSprintCheckoutHref = sprintCheckoutHref
+    ? escapeHtmlAttribute(sprintCheckoutHref)
+    : '';
+  const diagnosticAction = safeDiagnosticCheckoutHref
+    ? `<a data-i="sprint_diagnostic_checkout" href="${safeDiagnosticCheckoutHref}">Book $${sprintDiagnosticPriceDollars} diagnostic</a>`
+    : '';
+  const sprintAction = safeSprintCheckoutHref
+    ? `<a data-i="workflow_sprint_checkout" href="${safeSprintCheckoutHref}">Start $${workflowSprintPriceDollars} sprint</a>`
+    : '';
+  const firstRuleAction = safeFirstRuleCheckoutHref
+    ? `<a data-i="first_failure_rule_checkout" href="${safeFirstRuleCheckoutHref}">Pay $1 first rule</a>`
+    : '';
+  const quickReadAction = safeQuickReadCheckoutHref
+    ? `<a data-i="quick_read_checkout" href="${safeQuickReadCheckoutHref}">Pay $19 quick read</a>`
+    : '';
+  const teardownAction = safeWorkflowTeardownCheckoutHref
+    ? `<a data-i="workflow_teardown_checkout" href="${safeWorkflowTeardownCheckoutHref}">Pay $99 teardown</a>`
+    : '';
+  return `<!doctype html><html lang="en"><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><style>body{background:#0a0a0a;color:#eee;font-family:system-ui,sans-serif}div{max-width:560px;margin:12vh auto}a{display:block;margin:10px 0;padding:12px;border:1px solid #374151;color:inherit;text-align:center}.primary{background:#22d3ee;color:#000}.high-ticket{border-color:#4ade80;color:#4ade80}</style><div><h1>Choose the right paid path.</h1><p>For one repeated workflow failure, start with the diagnostic or sprint. Use Pro only when you need the local self-serve dashboard.</p>${diagnosticAction.replace('<a ', '<a class="high-ticket" ')}${sprintAction.replace('<a ', '<a class="high-ticket" ')}<a class="primary" data-i="pro_checkout_confirmed" href="${safeConfirmHref}">Pay in Stripe</a>${teardownAction}${quickReadAction}${firstRuleAction}<a data-i="workflow_sprint_intake" href="${safeWorkflowIntakeHref}">Send workflow first</a><a data-i="team_paid_path" href="${safeTeamOptionsHref}">See options</a><p>Stripe checkout.</p><a href="/">Back</a></div><script>addEventListener('click',e=>{let a=e.target.closest('[data-i]');if(a&&navigator.sendBeacon)navigator.sendBeacon('/v1/telemetry/ping',new Blob([JSON.stringify({eventType:'checkout_interstitial_cta_clicked',clientType:'web',page:'/checkout/pro',ctaId:a.dataset.i,ctaPlacement:'checkout_interstitial'})],{type:'application/json'}))})</script>`;
+}
+
 function buildCheckoutBootstrapBody(parsed, req, journeyState = resolveJourneyState(req, parsed)) {
   const params = parsed.searchParams;
   const traceId = pickFirstText(params.get('trace_id')) || createJourneyId('checkout');
@@ -1505,6 +1563,26 @@ function buildCheckoutConfirmHref(parsed) {
   return `${confirmUrl.pathname}${confirmUrl.search}`;
 }
 
+function normalizeCheckoutCustomerEmail(value) {
+  const email = (normalizeNullableText(value) || '').toLowerCase();
+  const atIndex = email.indexOf('@');
+  const domain = email.slice(atIndex + 1);
+  if (!email || email.length > 254 || atIndex <= 0 || atIndex !== email.lastIndexOf('@') || !domain || !domain.includes('.') || domain.startsWith('.') || domain.endsWith('.') || domain.includes('..')) return null;
+  for (const ch of email) if (ch <= ' ' || ch === '<' || ch === '>' || ch === '"') return null;
+  return email;
+}
+
+function renderCheckoutIntentGate(parsed, responseHeaders = {}) {
+  let hiddenInputs = '';
+  for (const [key, value] of parsed.searchParams.entries()) {
+    if (key !== 'confirm' && key !== 'customer_email') hiddenInputs += `<input type=hidden name=${escapeHtmlAttribute(key)} value=${escapeHtmlAttribute(value)}>`;
+  }
+  return {
+    html: `<!doctype html><h1>Email for Stripe receipt</h1><form action=/checkout/pro>${hiddenInputs}<input type=hidden name=confirm value=1><input name=customer_email type=email required><button>Continue</button></form>`,
+    headers: responseHeaders,
+  };
+}
+
 function normalizeTrackedLinkSlug(value) {
   return String(value || '').trim().toLowerCase().replace(/[^a-z0-9-]/g, '');
 }
@@ -1746,9 +1824,7 @@ function appendBestEffortTelemetry(feedbackDir, payload, headers, context) {
           evidence: [err && err.message ? err.message : 'unknown_error'],
         },
       });
-    } catch (_) {
-      // Public telemetry remains best-effort even when diagnostics fail.
-    }
+    } catch (_) {}
     return false;
   }
 }
@@ -2055,7 +2131,6 @@ a{color:#22d3ee;text-decoration:none}</style></head><body>
   const timestamp = merged.timestamp ? new Date(merged.timestamp).toLocaleString() : '';
   const isoTimestamp = merged.timestamp || '';
 
-  // Technical metadata
   const failureType = merged.failureType || null;
   const skill = merged.skill || null;
   const source = merged.source || fb.source || null;
@@ -2066,19 +2141,12 @@ a{color:#22d3ee;text-decoration:none}</style></head><body>
   const guardrails = merged.guardrails || null;
   const rubricScores = merged.rubricScores || null;
 
-  // Structured rule
   const rule = merged.structuredRule || merged.rule || null;
-  // Conversation window
   const convoWindow = merged.conversationWindow || merged.chatHistory || [];
-  // Reflector analysis
   const reflector = merged.reflectorAnalysis || merged.reflector || null;
-  // Diagnosis
   const diagnosis = merged.diagnosis || null;
-  // Rubric
   const rubric = merged.rubricEvaluation || merged.rubric || null;
-  // Synthesis
   const synthesis = merged.synthesis || null;
-  // Bayesian
   const bayesian = merged.bayesianBelief || merged.bayesian || null;
 
   function sectionCard(titleText, content, id) {
@@ -2501,14 +2569,6 @@ function servePublicMarketingPage({
     'landing_page_view'
   );
 
-  // Funnel-ledger write (2026-04-21): populate funnel-events.jsonl with a
-  // discovery-stage event on every landing-page view so UTM-tagged social
-  // traffic becomes visible in `npm run feedback:summary` and
-  // `bin/cli.js cfo --today`. Prior to this wire, landing views wrote only
-  // to telemetry-pings.jsonl (invisible to the CEO-facing revenue surface),
-  // leaving funnel-events.jsonl empty despite 404 published Zernio posts.
-  // Best-effort: wrapped in try/catch so a billing-ledger hiccup never
-  // breaks a page render.
   try {
     appendFunnelEvent({
       stage: 'discovery',
@@ -2927,6 +2987,9 @@ function renderCheckoutSuccessPage(runtimeConfig) {
 }
 
 function renderCheckoutCancelledPage(runtimeConfig) {
+  const firstFailureRuleCheckoutUrl = escapeHtmlAttribute(FIRST_FAILURE_RULE_CHECKOUT_URL);
+  const quickReadCheckoutUrl = escapeHtmlAttribute(QUICK_READ_CHECKOUT_URL);
+  const workflowTeardownCheckoutUrl = escapeHtmlAttribute(WORKFLOW_TEARDOWN_CHECKOUT_URL);
   const diagnosticCheckoutUrl = runtimeConfig.sprintDiagnosticCheckoutUrl
     ? escapeHtmlAttribute(runtimeConfig.sprintDiagnosticCheckoutUrl)
     : '';
@@ -2937,18 +3000,21 @@ function renderCheckoutCancelledPage(runtimeConfig) {
   const workflowSprintPriceDollars = runtimeConfig.workflowSprintPriceDollars || 1500;
   const workflowSprintIntakeUrl = `${escapeHtmlAttribute(runtimeConfig.appOrigin)}/#workflow-sprint-intake`;
   const recoveryOfferLinks = [
-    `<a id="send-workflow-first" href="${workflowSprintIntakeUrl}" data-recovery-offer="workflow_sprint_intake" data-offer-price="0">Send workflow first</a>`,
     diagnosticCheckoutUrl
       ? `<a href="${diagnosticCheckoutUrl}" data-recovery-offer="sprint_diagnostic" data-offer-price="${sprintDiagnosticPriceDollars}">Book $${sprintDiagnosticPriceDollars} diagnostic</a>`
       : '',
     workflowSprintCheckoutUrl
       ? `<a href="${workflowSprintCheckoutUrl}" data-recovery-offer="workflow_sprint" data-offer-price="${workflowSprintPriceDollars}">Start $${workflowSprintPriceDollars} sprint</a>`
       : '',
+    `<a href="${workflowTeardownCheckoutUrl}" data-recovery-offer="workflow_teardown" data-offer-price="99">Pay $99 teardown</a>`,
+    `<a href="${quickReadCheckoutUrl}" data-recovery-offer="quick_read" data-offer-price="19">Pay $19 quick read</a>`,
+    `<a href="${firstFailureRuleCheckoutUrl}" data-recovery-offer="first_failure_rule" data-offer-price="1">Pay $1 first rule</a>`,
+    `<a id="send-workflow-first" href="${workflowSprintIntakeUrl}" data-recovery-offer="workflow_sprint_intake" data-offer-price="0">Send workflow first</a>`,
   ].filter(Boolean).join('\n        ');
   const recoveryOfferCard = recoveryOfferLinks
     ? `<div class="card recovery-card">
       <h2>Need help deciding?</h2>
-      <p>If Pro is not the right next step, send the workflow first. We can qualify the blocker, confirm the proof plan, and route you to the diagnostic or sprint only when the scope is real.</p>
+      <p>If Pro is not the right next step, start smaller or send the workflow first. We can qualify the blocker, confirm the proof plan, and route you to the diagnostic or sprint only when the scope is real.</p>
       <div class="actions">
         ${recoveryOfferLinks}
       </div>
@@ -3070,7 +3136,7 @@ function renderCheckoutCancelledPage(runtimeConfig) {
       </div>
       <div class="actions">
         <button type="button" id="submit-reason">Send feedback</button>
-        <a id="retry-checkout" href="/checkout/pro" class="secondary" data-recovery-offer="pro_trial_retry" data-offer-price="19">Restart $19 Pro trial</a>
+        <a id="retry-checkout" href="/checkout/pro" class="secondary" data-recovery-offer="pro_pay_now_retry" data-offer-price="19">Restart $19 Pro checkout</a>
         <a href="${runtimeConfig.appOrigin}" class="secondary">Return to Context Gateway</a>
       </div>
       <p class="note" id="status">No feedback sent yet.</p>
@@ -3361,10 +3427,8 @@ function isAuthorized(req, expected) {
   if (!expected) return true;
   const token = extractApiKey(req);
 
-  // Check static THUMBGATE_API_KEY first
   if (token === expected) return true;
 
-  // Also accept any valid provisioned billing key
   if (token) {
     const result = validateApiKey(token);
     return result.valid === true;
@@ -3373,9 +3437,6 @@ function isAuthorized(req, expected) {
   return false;
 }
 
-/**
- * Extract the Bearer token from a request (returns '' if absent).
- */
 function extractBearerToken(req) {
   const auth = req.headers.authorization || '';
   return auth.startsWith('Bearer ') ? auth.slice(7) : '';
@@ -3537,15 +3598,6 @@ function createApiServer() {
   const expectedApiKey = getExpectedApiKey();
   const expectedOperatorKey = getExpectedOperatorKey();
 
-  // Live-event bus. Feedback captures, prevention-rule regenerations, and
-  // gate decisions push to this emitter; the /v1/events SSE endpoint streams
-  // those events to connected dashboard clients so they render in real time
-  // instead of waiting for the next manual refresh.
-  //
-  // See .changeset/dashboard-sse-live.md for the ROI rationale — this is a
-  // direct application of the "persistent channel beats per-turn HTTP" pattern
-  // to ThumbGate's dashboard surface (the primary UI for watching team
-  // feedback flow).
   const eventBus = new EventEmitter();
   eventBus.setMaxListeners(200);
 
@@ -4386,37 +4438,117 @@ async function addContext(){
         ? { 'Set-Cookie': journeyState.setCookieHeaders }
         : {};
 
-      // ── Bot guard ────────────────────────────────────────────────────
-      // Creating a Stripe Checkout session on every GET means crawlers,
-      // link-preview fetchers, and LLM scrapers inflate "sessions opened"
-      // while completions stay at zero. Serve bots an interstitial HTML
-      // page instead — no Stripe session created, no funnel pollution.
-      // The `?confirm=1` query param or POST below is the real-user path.
       const botClassification = classifyRequester(req.headers);
       const confirmParam = parsed?.searchParams?.get('confirm') ?? null;
       const isConfirmedCheckout = confirmParam === '1'
         || confirmParam === 'true'
         || req.method === 'POST';
-      if (botClassification.isBot && !isConfirmedCheckout) {
+      if (!isConfirmedCheckout && botClassification.isBot) {
+        const eventType = 'checkout_bot_deflected';
         appendBestEffortTelemetry(FEEDBACK_DIR, {
-          eventType: 'checkout_bot_deflected',
+          eventType,
           clientType: 'web',
           traceId,
+          acquisitionId: analyticsMetadata.acquisitionId,
+          visitorId: analyticsMetadata.visitorId,
+          sessionId: analyticsMetadata.sessionId,
           utmSource: analyticsMetadata.utmSource,
           utmMedium: analyticsMetadata.utmMedium,
           utmCampaign: analyticsMetadata.utmCampaign,
+          utmContent: analyticsMetadata.utmContent,
+          utmTerm: analyticsMetadata.utmTerm,
           referrer: analyticsMetadata.referrer,
           referrerHost: analyticsMetadata.referrerHost,
           page: '/checkout/pro',
+          ctaId: analyticsMetadata.ctaId,
+          ctaPlacement: analyticsMetadata.ctaPlacement,
           planId: analyticsMetadata.planId,
           reason: botClassification.reason,
-        }, req.headers, 'checkout_bot_deflected');
-        const confirmHref = escapeHtmlAttribute(buildCheckoutConfirmHref(parsed));
-        const html = `<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="robots" content="noindex,nofollow"><title>ThumbGate Pro \u2014 Confirm checkout</title><style>*{box-sizing:border-box}body{background:#0a0a0a;color:#e5e5e5;font-family:system-ui,-apple-system,sans-serif;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:20px}.card{background:#141414;border:1px solid #222;border-radius:16px;padding:48px 40px;max-width:460px;width:100%;text-align:center;box-shadow:0 8px 32px rgba(0,0,0,.5)}h1{margin:0 0 12px;font-size:22px;color:#22d3ee}p{color:#9ca3af;font-size:14px;line-height:1.55;margin:0 0 24px}.btn{display:inline-block;background:#22d3ee;color:#000;text-decoration:none;font-weight:700;padding:14px 32px;border-radius:999px;font-size:16px;cursor:pointer;border:none}.btn:hover{opacity:.9}.sub{margin-top:16px;font-size:12px;color:#6b7280}a.back{color:#6b7280;font-size:13px;text-decoration:underline}</style></head><body><div class="card"><h1>Continue to secure checkout</h1><p>You're one click from ThumbGate Pro at $19/mo. We create the payment session only after you confirm \u2014 keeps your path clean and our funnel honest.</p><a class="btn" href="${confirmHref}" rel="noopener">Continue to Stripe \u2192</a><div class="sub">Payments handled by Stripe. 7-day trial. Card required; no charge today. Cancel anytime.</div><div class="sub"><a class="back" href="/">\u2190 Back to homepage</a></div></div></body></html>`;
+        }, req.headers, eventType);
+        const workflowIntakeHref = buildCheckoutIntentHref(`${hostedConfig.appOrigin}/#workflow-sprint-intake`, analyticsMetadata, {
+          utmMedium: 'checkout_interstitial_recovery',
+          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_workflow_sprint',
+          ctaId: 'checkout_interstitial_workflow_sprint_intake',
+          ctaPlacement: 'checkout_interstitial',
+          planId: 'team',
+        });
+        const teamOptionsHref = buildCheckoutIntentHref(`${hostedConfig.appOrigin}/guides/ai-agent-governance-sprint`, analyticsMetadata, {
+          utmMedium: 'checkout_interstitial_paid_path',
+          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_team_paid_path',
+          ctaId: 'checkout_interstitial_team_paid_path',
+          ctaPlacement: 'checkout_interstitial',
+          planId: 'team',
+        });
+        const firstRuleCheckoutHref = buildCheckoutIntentHref(FIRST_FAILURE_RULE_CHECKOUT_URL, analyticsMetadata, {
+          utmMedium: 'checkout_interstitial_paid_path',
+          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_first_failure_rule',
+          ctaId: 'checkout_interstitial_first_failure_rule_checkout',
+          ctaPlacement: 'checkout_interstitial',
+          planId: 'first_failure_rule',
+        });
+        const quickReadCheckoutHref = buildCheckoutIntentHref(QUICK_READ_CHECKOUT_URL, analyticsMetadata, {
+          utmMedium: 'checkout_interstitial_paid_path',
+          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_quick_read',
+          ctaId: 'checkout_interstitial_quick_read_checkout',
+          ctaPlacement: 'checkout_interstitial',
+          planId: 'quick_read',
+        });
+        const workflowTeardownCheckoutHref = buildCheckoutIntentHref(WORKFLOW_TEARDOWN_CHECKOUT_URL, analyticsMetadata, {
+          utmMedium: 'checkout_interstitial_paid_path',
+          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_workflow_teardown',
+          ctaId: 'checkout_interstitial_workflow_teardown_checkout',
+          ctaPlacement: 'checkout_interstitial',
+          planId: 'workflow_teardown',
+        });
+        const diagnosticCheckoutHref = hostedConfig.sprintDiagnosticCheckoutUrl
+          ? buildCheckoutIntentHref(hostedConfig.sprintDiagnosticCheckoutUrl, analyticsMetadata, {
+            utmMedium: 'checkout_interstitial_paid_path',
+            utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_diagnostic',
+            ctaId: 'checkout_interstitial_sprint_diagnostic_checkout',
+            ctaPlacement: 'checkout_interstitial',
+            planId: 'sprint_diagnostic',
+          })
+          : '';
+        const sprintCheckoutHref = hostedConfig.workflowSprintCheckoutUrl
+          ? buildCheckoutIntentHref(hostedConfig.workflowSprintCheckoutUrl, analyticsMetadata, {
+            utmMedium: 'checkout_interstitial_paid_path',
+            utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_workflow_sprint',
+            ctaId: 'checkout_interstitial_workflow_sprint_checkout',
+            ctaPlacement: 'checkout_interstitial',
+            planId: 'workflow_sprint',
+          })
+          : '';
+        const html = renderCheckoutIntentPage({
+          confirmHref: buildCheckoutConfirmHref(parsed),
+          firstRuleCheckoutHref,
+          quickReadCheckoutHref,
+          workflowTeardownCheckoutHref,
+          workflowIntakeHref,
+          teamOptionsHref,
+          diagnosticCheckoutHref,
+          sprintCheckoutHref,
+          sprintDiagnosticPriceDollars: hostedConfig.sprintDiagnosticPriceDollars || 499,
+          workflowSprintPriceDollars: hostedConfig.workflowSprintPriceDollars || 1500,
+          botClassification,
+        });
         sendHtml(res, 200, html, responseHeaders);
         return;
       }
 
+      const rawCheckoutEmail = normalizeNullableText(bootstrapBody.customerEmail);
+      const normalizedCheckoutEmail = normalizeCheckoutCustomerEmail(rawCheckoutEmail);
+      if (!normalizedCheckoutEmail) {
+        appendBestEffortTelemetry(FEEDBACK_DIR, {
+          eventType: 'checkout_email_deferred_to_stripe',
+          clientType: 'web',
+          traceId,
+          page: '/checkout/pro',
+          planId: analyticsMetadata.planId,
+          reason: rawCheckoutEmail ? 'invalid_customer_email' : 'missing_customer_email',
+        }, req.headers, 'checkout_email_deferred_to_stripe');
+      }
+      bootstrapBody.customerEmail = normalizedCheckoutEmail || undefined;
+
       appendBestEffortTelemetry(FEEDBACK_DIR, {
         eventType: 'checkout_bootstrap',
         clientType: 'web',
@@ -4792,7 +4924,7 @@ async function addContext(){
             .map(l => { try { return JSON.parse(l); } catch(_e) { return null; } })
             .filter(Boolean);
         }
-      } catch (_) {}
+      } catch { entries = []; }
 
       const now = Date.now();
       const sevenDaysAgo = now - 7 * 24 * 60 * 60 * 1000;