thumbgate 1.16.22 → 1.17.0

package/public/numbers.html

@@ -25,7 +25,7 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.16.22",
+  "softwareVersion": "1.17.0",
   "url": "https://thumbgate-production.up.railway.app/numbers",
   "dateModified": "2026-05-07",
   "creator": {
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.16.22</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.17.0</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
 
   <h2>Gate enforcement</h2>

package/scripts/billing.js

@@ -1149,7 +1149,8 @@ function loadResolvedRevenueEvents(options = {}) {
     const derived = deriveRevenueEventFromPaidProviderEvent(entry);
     if (!derived) continue;
     if (hasRevenueEventMatch(resolved, derived)) continue;
-    resolved.push(derived);
+    const priced = resolveGithubMarketplaceRevenueEntry(derived, { annotate: false }).entry;
+    resolved.push(priced);
   }
 
   return mergeRevenueEvents(resolved, extraRevenueEvents);
@@ -1161,6 +1162,9 @@ function repairGithubMarketplaceRevenueLedger(options = {}) {
   const rows = loadJsonlFile(ledgerPath);
   const resolvedAt = new Date().toISOString();
   const repairs = [];
+
+  // Pass 1: in-place repair of rows already in revenue-events.jsonl that have
+  // unknown amounts but resolvable plan metadata.
   const updatedRows = rows.map((entry) => {
     const result = resolveGithubMarketplaceRevenueEntry(entry, {
       annotate: true,
@@ -1178,21 +1182,76 @@ function repairGithubMarketplaceRevenueLedger(options = {}) {
       currency: normalizeCurrency(result.entry.currency),
       recurringInterval: normalizeText(result.entry.recurringInterval),
       pricingSource: normalizeText(metadata.githubMarketplaceAmountSource),
+      source: 'in_place',
     });
     return result.entry;
   });
 
+  // Pass 2: append rows for funnel-derived paid github_marketplace events that
+  // never landed in the revenue ledger. The webhook handler at handleGithubWebhook
+  // skips appendRevenueEvent when hasRevenueEventMatch is true, so duplicates from
+  // a re-run are already prevented; the only way an order gets here is if the
+  // revenue write was skipped at webhook time (e.g. funnel pre-existed, planPricing
+  // had unknown amount at the time, or the row was created via a different path).
+  const funnelRecords = loadFunnelLedger().filter(
+    (e) =>
+      e &&
+      e.stage === 'paid' &&
+      normalizeText((e.metadata && e.metadata.provider) || e.provider) === 'github_marketplace'
+  );
+
+  for (const funnelEntry of funnelRecords) {
+    const derived = deriveRevenueEventFromPaidProviderEvent(funnelEntry);
+    if (!derived) continue;
+    if (hasRevenueEventMatch(updatedRows, derived)) continue;
+
+    const resolved = resolveGithubMarketplaceRevenueEntry(derived, {
+      annotate: true,
+      resolvedAt,
+    });
+    // Skip funnel-derived rows that still have unknown amounts after resolving —
+    // we don't want to permanently bake amountKnown:false rows when there's no
+    // pricing data to attach. Better to leave them off-disk and keep the
+    // read-time merge in loadResolvedRevenueEvents covering them.
+    if (!resolved.changed || !resolved.entry.amountKnown) continue;
+
+    const persisted = {
+      ...resolved.entry,
+      metadata: {
+        ...sanitizeMetadata(resolved.entry.metadata),
+        recoveredFromFunnelLedger: true,
+        funnelRecordedAt: normalizeText(funnelEntry.timestamp) || null,
+      },
+    };
+    updatedRows.push(persisted);
+
+    const metadata = sanitizeMetadata(persisted.metadata);
+    repairs.push({
+      orderId: normalizeText(persisted.orderId),
+      customerId: normalizeText(persisted.customerId),
+      planId: normalizeText(metadata.planId ?? persisted.planId),
+      amountCents: normalizeInteger(persisted.amountCents),
+      currency: normalizeCurrency(persisted.currency),
+      recurringInterval: normalizeText(persisted.recurringInterval),
+      pricingSource: normalizeText(metadata.githubMarketplaceAmountSource),
+      source: 'funnel_derived',
+    });
+  }
+
   const writeResult = write && repairs.length > 0
     ? writeJsonlRecords(ledgerPath, updatedRows)
-    : { written: false, rowCount: rows.length };
+    : { written: false, rowCount: updatedRows.length };
 
   return {
     ledgerPath,
     write,
     wrote: Boolean(writeResult.written),
     scanned: rows.length,
+    funnelScanned: funnelRecords.length,
     repaired: repairs.length,
-    unchanged: rows.length - repairs.length,
+    repairedInPlace: repairs.filter((r) => r.source === 'in_place').length,
+    repairedFromFunnel: repairs.filter((r) => r.source === 'funnel_derived').length,
+    unchanged: rows.length - repairs.filter((r) => r.source === 'in_place').length,
     repairs,
     writeResult,
   };

package/scripts/rate-limiter.js

@@ -12,28 +12,28 @@ const {
 const USAGE_FILE = path.join(process.env.HOME || '/tmp', '.thumbgate', 'usage-limits.json');
 
 // ──────────────────────────────────────────────────────────
-// NEW: Lifetime caps on free tier — users hit the wall fast
-// and must upgrade to keep using core features.
+// Free tier: generous on captures (habit formation) and rules
+// (5 active gates), gated on Pro-only features (recall, search,
+// exports). Dashboard, exports, and unlimited rules drive Pro.
 // ──────────────────────────────────────────────────────────
 const FREE_TIER_LIMITS = {
-  capture_feedback:   { daily: Infinity, lifetime: 3,  label: 'feedback captures' },
-  prevention_rules:   { daily: Infinity, lifetime: 1,  label: 'prevention rules generated' },
-  recall:             { daily: 0,        lifetime: 0,  label: 'recall queries (Pro only)' },
-  search_lessons:     { daily: 0,        lifetime: 0,  label: 'lesson searches (Pro only)' },
-  search_thumbgate:   { daily: 0,        lifetime: 0,  label: 'ThumbGate searches (Pro only)' },
-  commerce_recall:    { daily: 0,        lifetime: 0,  label: 'commerce recalls (Pro only)' },
-  export_dpo:         { daily: 0,        lifetime: 0,  label: 'DPO exports (Pro only)' },
-  export_databricks:  { daily: 0,        lifetime: 0,  label: 'Databricks exports (Pro only)' },
-  construct_context_pack: { daily: Infinity, lifetime: 3, label: 'context packs' },
+  capture_feedback:   { daily: Infinity, lifetime: Infinity, label: 'feedback captures' },
+  prevention_rules:   { daily: Infinity, lifetime: Infinity, label: 'prevention rules generated' },
+  recall:             { daily: 0,        lifetime: 0,        label: 'recall queries (Pro only)' },
+  search_lessons:     { daily: 0,        lifetime: 0,        label: 'lesson searches (Pro only)' },
+  search_thumbgate:   { daily: 0,        lifetime: 0,        label: 'ThumbGate searches (Pro only)' },
+  commerce_recall:    { daily: 0,        lifetime: 0,        label: 'commerce recalls (Pro only)' },
+  export_dpo:         { daily: 0,        lifetime: 0,        label: 'DPO exports (Pro only)' },
+  export_databricks:  { daily: 0,        lifetime: 0,        label: 'Databricks exports (Pro only)' },
+  construct_context_pack: { daily: Infinity, lifetime: Infinity, label: 'context packs' },
 };
 
-const FREE_TIER_MAX_GATES = 1; // Down from 5 — one auto-promoted gate, then paywall
+const FREE_TIER_MAX_GATES = 5; // 5 active prevention rules on free; Pro is unlimited
 
-const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited captures, recall, prevention rules, and dashboard: ${PRO_MONTHLY_PAYMENT_LINK}\n  Team: ${TEAM_PRICE_LABEL} after workflow qualification.`;
+const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited rules, recall, lesson search, dashboard, and exports: ${PRO_MONTHLY_PAYMENT_LINK}\n  Team: ${TEAM_PRICE_LABEL} after workflow qualification.`;
 
 const PAYWALL_MESSAGES = {
-  capture_feedback: 'You\'ve used all 3 free feedback captures. Your agent is still making mistakes — upgrade to Pro to capture every one and build real prevention rules.',
-  prevention_rules: 'Free tier includes 1 prevention rule. Your agents need more protection — upgrade to Pro for unlimited rules.',
+  prevention_rules: 'Free tier includes 5 active prevention rules. Promote more or unlock unlimited rules with Pro.',
   recall: 'Recall is a Pro feature. Your past feedback is stored locally — upgrade to search and reuse it.',
   search_lessons: 'Lesson search is a Pro feature. Upgrade to find patterns in your agent\'s mistakes.',
   default: 'This feature requires Pro. Start Pro — card required; billed today.',

package/src/api/server.js

@@ -16,6 +16,8 @@ const POSTHOG_STATIC_PATH_PREFIX = '/static/';
 const FIRST_FAILURE_RULE_CHECKOUT_URL = 'https://buy.stripe.com/4gM6oHgH2bTw4lH6i73sI0z';
 const QUICK_READ_CHECKOUT_URL = 'https://buy.stripe.com/aFa8wPgH29Lo4lH35V3sI0w';
 const WORKFLOW_TEARDOWN_CHECKOUT_URL = 'https://buy.stripe.com/7sYfZhgH29LodWhdKz3sI0v';
+const SPRINT_DIAGNOSTIC_CHECKOUT_URL = 'https://buy.stripe.com/3cI7sLgH25v8dWh5e33sI0o';
+const WORKFLOW_SPRINT_CHECKOUT_URL = 'https://buy.stripe.com/8x25kDcqMaPs9G15e33sI0p';
 
 function getPosthogProxyPath(pathname) {
   return pathname.slice('/ingest'.length) || '/';
@@ -210,6 +212,7 @@ const NUMBERS_PAGE_PATH = path.resolve(__dirname, '../../public/numbers.html');
 const LEARN_DIR = path.resolve(__dirname, '../../public/learn');
 const GUIDES_DIR = path.resolve(__dirname, '../../public/guides');
 const COMPARE_DIR = path.resolve(__dirname, '../../public/compare');
+const USE_CASES_DIR = path.resolve(__dirname, '../../public/use-cases');
 const PUBLIC_DIR = path.resolve(__dirname, '../../public');
 const PUBLIC_ASSETS_DIR = path.resolve(__dirname, '../../public/assets');
 const BUYER_INTENT_SCRIPT_PATH = path.resolve(__dirname, '../../public/js/buyer-intent.js');
@@ -1587,6 +1590,12 @@ function normalizeTrackedLinkSlug(value) {
   return String(value || '').trim().toLowerCase().replace(/[^a-z0-9-]/g, '');
 }
 
+function normalizePublicPageSlug(value) {
+  return String(value || '')
+    .replace(/\.html$/i, '')
+    .replace(/[^a-z0-9-]/g, '');
+}
+
 function getTrackedLinkTarget(slug) {
   const normalizedSlug = normalizeTrackedLinkSlug(slug);
   return TRACKED_LINK_TARGETS[normalizedSlug]
@@ -1939,8 +1948,8 @@ function loadPublicMarketingTemplateHtml(templatePath, runtimeConfig, pageContex
     '__CHECKOUT_FALLBACK_URL__': runtimeConfig.checkoutFallbackUrl,
     '__PRO_PRICE_DOLLARS__': runtimeConfig.proPriceDollars,
     '__PRO_PRICE_LABEL__': runtimeConfig.proPriceLabel,
-    '__SPRINT_DIAGNOSTIC_CHECKOUT_URL__': runtimeConfig.sprintDiagnosticCheckoutUrl || '',
-    '__WORKFLOW_SPRINT_CHECKOUT_URL__': runtimeConfig.workflowSprintCheckoutUrl || '',
+    '__SPRINT_DIAGNOSTIC_CHECKOUT_URL__': runtimeConfig.sprintDiagnosticCheckoutUrl || SPRINT_DIAGNOSTIC_CHECKOUT_URL,
+    '__WORKFLOW_SPRINT_CHECKOUT_URL__': runtimeConfig.workflowSprintCheckoutUrl || WORKFLOW_SPRINT_CHECKOUT_URL,
     '__SPRINT_DIAGNOSTIC_PRICE_DOLLARS__': runtimeConfig.sprintDiagnosticPriceDollars || 499,
     '__WORKFLOW_SPRINT_PRICE_DOLLARS__': runtimeConfig.workflowSprintPriceDollars || 1500,
     '__GA_MEASUREMENT_ID__': runtimeConfig.gaMeasurementId || '',
@@ -4193,6 +4202,15 @@ async function addContext(){
       return;
     }
 
+    if (isGetLikeRequest && pathname === '/lessons/') {
+      res.writeHead(302, {
+        Location: '/lessons',
+        'Cache-Control': 'no-store',
+      });
+      res.end();
+      return;
+    }
+
     if (isGetLikeRequest && pathname === '/lessons') {
       try {
         const html = loadLessonsPageHtml(req, expectedApiKey);
@@ -4245,7 +4263,7 @@ async function addContext(){
       return;
     }
 
-    if (isGetLikeRequest && pathname === '/guide') {
+    if (isGetLikeRequest && (pathname === '/guide' || pathname === '/guide.html')) {
       try {
         const html = fs.readFileSync(GUIDE_PAGE_PATH, 'utf-8');
         sendHtml(res, 200, html, {}, { headOnly: isHeadRequest });
@@ -4255,7 +4273,7 @@ async function addContext(){
       return;
     }
 
-    if (isGetLikeRequest && pathname === '/codex-plugin') {
+    if (isGetLikeRequest && (pathname === '/codex-plugin' || pathname === '/codex-plugin.html')) {
       try {
         const html = fs.readFileSync(CODEX_PLUGIN_PAGE_PATH, 'utf-8');
         sendHtml(res, 200, html, {}, { headOnly: isHeadRequest });
@@ -4265,7 +4283,7 @@ async function addContext(){
       return;
     }
 
-    if (isGetLikeRequest && pathname === '/compare') {
+    if (isGetLikeRequest && (pathname === '/compare' || pathname === '/compare.html')) {
       try {
         const html = fs.readFileSync(COMPARE_PAGE_PATH, 'utf-8');
         sendHtml(res, 200, html, {}, { headOnly: isHeadRequest });
@@ -4275,7 +4293,7 @@ async function addContext(){
       return;
     }
 
-    if (isGetLikeRequest && pathname === '/blog') {
+    if (isGetLikeRequest && (pathname === '/blog' || pathname === '/blog.html')) {
       try {
         const blogPath = path.resolve(__dirname, '../../public/blog.html');
         const html = fs.readFileSync(blogPath, 'utf-8');
@@ -4286,7 +4304,7 @@ async function addContext(){
       return;
     }
 
-    if (isGetLikeRequest && pathname === '/learn') {
+    if (isGetLikeRequest && (pathname === '/learn' || pathname === '/learn.html')) {
       try {
         const html = fs.readFileSync(LEARN_PAGE_PATH, 'utf-8');
         sendHtml(res, 200, html, {}, { headOnly: isHeadRequest });
@@ -4296,6 +4314,24 @@ async function addContext(){
       return;
     }
 
+    if (isGetLikeRequest && (pathname === '/guides' || pathname === '/guides/' || pathname === '/guides.html')) {
+      res.writeHead(302, {
+        Location: '/learn',
+        'Cache-Control': 'no-store',
+      });
+      res.end();
+      return;
+    }
+
+    if (isGetLikeRequest && (pathname === '/services' || pathname === '/services.html')) {
+      res.writeHead(302, {
+        Location: '/#workflow-sprint-intake',
+        'Cache-Control': 'no-store',
+      });
+      res.end();
+      return;
+    }
+
     if (isGetLikeRequest && (pathname === '/numbers' || pathname === '/numbers.html')) {
       // Route through servePublicMarketingPage so landing_page_view telemetry
       // + funnel-events.jsonl `discovery/landing_view` get captured with UTM
@@ -4331,7 +4367,7 @@ async function addContext(){
 
     if (isGetLikeRequest && pathname.startsWith('/learn/')) {
       try {
-        const slug = pathname.replace('/learn/', '').replace(/[^a-z0-9-]/g, '');
+        const slug = normalizePublicPageSlug(pathname.replace('/learn/', ''));
         const articlePath = path.join(LEARN_DIR, `${slug}.html`);
         if (!articlePath.startsWith(LEARN_DIR)) {
           sendJson(res, 403, { error: 'Forbidden' });
@@ -4347,7 +4383,7 @@ async function addContext(){
 
     if (isGetLikeRequest && pathname.startsWith('/guides/')) {
       try {
-        const slug = pathname.replace('/guides/', '').replace(/[^a-z0-9-]/g, '');
+        const slug = normalizePublicPageSlug(pathname.replace('/guides/', ''));
         const guidePath = path.join(GUIDES_DIR, `${slug}.html`);
         if (!guidePath.startsWith(GUIDES_DIR)) { sendJson(res, 403, { error: 'Forbidden' }); return; }
         const html = fs.readFileSync(guidePath, 'utf-8');
@@ -4358,7 +4394,7 @@ async function addContext(){
 
     if (isGetLikeRequest && pathname.startsWith('/compare/') && pathname !== '/compare') {
       try {
-        const slug = pathname.replace('/compare/', '').replace(/[^a-z0-9-]/g, '');
+        const slug = normalizePublicPageSlug(pathname.replace('/compare/', ''));
         const comparePath = path.join(COMPARE_DIR, `${slug}.html`);
         if (!comparePath.startsWith(COMPARE_DIR)) { sendJson(res, 403, { error: 'Forbidden' }); return; }
         const html = fs.readFileSync(comparePath, 'utf-8');
@@ -4367,6 +4403,17 @@ async function addContext(){
       return;
     }
 
+    if (isGetLikeRequest && pathname.startsWith('/use-cases/')) {
+      try {
+        const slug = normalizePublicPageSlug(pathname.replace('/use-cases/', ''));
+        const useCasePath = path.join(USE_CASES_DIR, `${slug}.html`);
+        if (!useCasePath.startsWith(USE_CASES_DIR)) { sendJson(res, 403, { error: 'Forbidden' }); return; }
+        const html = fs.readFileSync(useCasePath, 'utf-8');
+        sendHtml(res, 200, html, {}, { headOnly: isHeadRequest });
+      } catch { sendJson(res, 404, { error: 'Use case not found' }); }
+      return;
+    }
+
     if (isGetLikeRequest && pathname.startsWith('/assets/')) {
       const rel = pathname.slice('/assets/'.length);
       const resolved = path.resolve(PUBLIC_ASSETS_DIR, rel);
@@ -4500,24 +4547,28 @@ async function addContext(){
           ctaPlacement: 'checkout_interstitial',
           planId: 'workflow_teardown',
         });
-        const diagnosticCheckoutHref = hostedConfig.sprintDiagnosticCheckoutUrl
-          ? buildCheckoutIntentHref(hostedConfig.sprintDiagnosticCheckoutUrl, analyticsMetadata, {
+        const diagnosticCheckoutHref = buildCheckoutIntentHref(
+          hostedConfig.sprintDiagnosticCheckoutUrl || SPRINT_DIAGNOSTIC_CHECKOUT_URL,
+          analyticsMetadata,
+          {
             utmMedium: 'checkout_interstitial_paid_path',
             utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_diagnostic',
             ctaId: 'checkout_interstitial_sprint_diagnostic_checkout',
             ctaPlacement: 'checkout_interstitial',
             planId: 'sprint_diagnostic',
-          })
-          : '';
-        const sprintCheckoutHref = hostedConfig.workflowSprintCheckoutUrl
-          ? buildCheckoutIntentHref(hostedConfig.workflowSprintCheckoutUrl, analyticsMetadata, {
+          }
+        );
+        const sprintCheckoutHref = buildCheckoutIntentHref(
+          hostedConfig.workflowSprintCheckoutUrl || WORKFLOW_SPRINT_CHECKOUT_URL,
+          analyticsMetadata,
+          {
             utmMedium: 'checkout_interstitial_paid_path',
             utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_workflow_sprint',
             ctaId: 'checkout_interstitial_workflow_sprint_checkout',
             ctaPlacement: 'checkout_interstitial',
             planId: 'workflow_sprint',
-          })
-          : '';
+          }
+        );
         const html = renderCheckoutIntentPage({
           confirmHref: buildCheckoutConfirmHref(parsed),
           firstRuleCheckoutHref,