thumbgate 1.18.0 → 1.20.0

package/scripts/memory-scope-readiness.js

@@ -0,0 +1,315 @@
+#!/usr/bin/env node
+'use strict';
+
+const REQUIRED_SCOPE_FIELDS = ['entityId', 'projectId', 'processId', 'sessionId'];
+
+const FIELD_ALIASES = {
+  entityId: [
+    'entityId',
+    'userId',
+    'user_id',
+    'accountId',
+    'tenantId',
+    'actorId',
+    'scope.entityId',
+    'scope.userId',
+    'scope.user_id',
+    'metadata.entityId',
+    'metadata.userId',
+    'metadata.user_id',
+    'metadata.tenantId',
+    'richContext.entityId',
+    'richContext.userId',
+    'context.entityId',
+    'context.userId',
+  ],
+  projectId: [
+    'projectId',
+    'project_id',
+    'project',
+    'repoId',
+    'workspaceId',
+    'scope.projectId',
+    'scope.project_id',
+    'scope.project',
+    'metadata.projectId',
+    'metadata.project_id',
+    'metadata.project',
+    'metadata.repoId',
+    'metadata.workspaceId',
+    'richContext.projectId',
+    'richContext.project',
+    'context.projectId',
+    'context.project',
+  ],
+  processId: [
+    'processId',
+    'process_id',
+    'agentId',
+    'agent_id',
+    'role',
+    'scope.processId',
+    'scope.process_id',
+    'scope.agentId',
+    'scope.agent_id',
+    'metadata.processId',
+    'metadata.process_id',
+    'metadata.agentId',
+    'metadata.agent_id',
+    'metadata.role',
+    'richContext.processId',
+    'richContext.agentId',
+    'context.processId',
+    'context.agentId',
+  ],
+  sessionId: [
+    'sessionId',
+    'session_id',
+    'conversationId',
+    'threadId',
+    'runId',
+    'scope.sessionId',
+    'scope.session_id',
+    'metadata.sessionId',
+    'metadata.session_id',
+    'metadata.conversationId',
+    'metadata.threadId',
+    'metadata.runId',
+    'richContext.sessionId',
+    'richContext.conversationId',
+    'context.sessionId',
+    'context.conversationId',
+  ],
+};
+
+function readPath(value, dottedPath) {
+  const segments = dottedPath.split('.');
+  let current = value;
+  for (const segment of segments) {
+    if (!current || typeof current !== 'object' || !(segment in current)) {
+      return undefined;
+    }
+    current = current[segment];
+  }
+  return current;
+}
+
+function normalizeId(value) {
+  if (value === null || value === undefined) return null;
+  const text = String(value).trim();
+  return text ? text : null;
+}
+
+function normalizeScope(input = {}) {
+  const scope = {};
+  for (const field of REQUIRED_SCOPE_FIELDS) {
+    let resolved = null;
+    for (const alias of FIELD_ALIASES[field]) {
+      resolved = normalizeId(readPath(input, alias));
+      if (resolved) break;
+    }
+    scope[field] = resolved;
+  }
+  return scope;
+}
+
+function missingScopeFields(scope) {
+  const normalized = normalizeScope(scope);
+  return REQUIRED_SCOPE_FIELDS.filter((field) => !normalized[field]);
+}
+
+function memoryScopeKey(scope) {
+  const normalized = normalizeScope(scope);
+  if (missingScopeFields(normalized).length > 0) return null;
+  return REQUIRED_SCOPE_FIELDS.map((field) => `${field}:${normalized[field]}`).join('|');
+}
+
+function isSharedMemory(record = {}) {
+  const visibility = normalizeId(
+    record.visibility
+    || record.scope?.visibility
+    || record.metadata?.visibility
+    || record.metadata?.scope
+  );
+  return record.shared === true
+    || record.scope?.shared === true
+    || record.metadata?.shared === true
+    || ['shared', 'global', 'public', 'team'].includes(String(visibility || '').toLowerCase());
+}
+
+function recordFingerprint(record = {}) {
+  const text = [
+    record.title,
+    record.content,
+    record.context,
+    record.whatWentWrong,
+    record.whatToChange,
+    record.whatWorked,
+  ]
+    .filter(Boolean)
+    .join(' ')
+    .toLowerCase()
+    .replace(/\s+/g, ' ')
+    .trim();
+  return text || null;
+}
+
+function buildMemoryScopeReadinessReport(records = []) {
+  const byScope = new Map();
+  const byFingerprint = new Map();
+  const missingFieldsByRecord = [];
+  let sharedRecords = 0;
+  let readyRecords = 0;
+
+  records.forEach((record, index) => {
+    const scope = normalizeScope(record);
+    const missingFields = missingScopeFields(scope);
+    const shared = isSharedMemory(record);
+    const scopeKey = memoryScopeKey(scope);
+    const id = record.id || `record-${index}`;
+
+    if (shared) sharedRecords += 1;
+    if (missingFields.length === 0) readyRecords += 1;
+    else missingFieldsByRecord.push({ id, index, missingFields });
+
+    if (scopeKey) {
+      if (!byScope.has(scopeKey)) byScope.set(scopeKey, []);
+      byScope.get(scopeKey).push(id);
+    }
+
+    const fingerprint = recordFingerprint(record);
+    if (fingerprint && scopeKey && !shared) {
+      if (!byFingerprint.has(fingerprint)) byFingerprint.set(fingerprint, new Set());
+      byFingerprint.get(fingerprint).add(scopeKey);
+    }
+  });
+
+  const duplicateScopeKeys = [...byScope.entries()]
+    .filter(([, ids]) => ids.length > 1)
+    .map(([scopeKey, ids]) => ({ scopeKey, ids }));
+
+  const crossScopeDuplicates = [...byFingerprint.entries()]
+    .filter(([, scopeKeys]) => scopeKeys.size > 1)
+    .map(([fingerprint, scopeKeys]) => ({
+      fingerprint,
+      scopeKeys: [...scopeKeys].sort((a, b) => a.localeCompare(b)),
+    }));
+
+  const unscopedRecords = missingFieldsByRecord.length;
+  const riskLevel = unscopedRecords > 0 || crossScopeDuplicates.length > 0 ? 'high' : 'low';
+
+  return {
+    totalRecords: records.length,
+    readyRecords,
+    unscopedRecords,
+    sharedRecords,
+    isolatedScopeCount: byScope.size,
+    duplicateScopeKeys,
+    crossScopeDuplicates,
+    missingFieldsByRecord,
+    requiredFields: [...REQUIRED_SCOPE_FIELDS],
+    riskLevel,
+    ready: riskLevel === 'low',
+    recommendations: buildRecommendations({ unscopedRecords, crossScopeDuplicates }),
+  };
+}
+
+function buildRecommendations({ unscopedRecords, crossScopeDuplicates }) {
+  const recommendations = [];
+  if (unscopedRecords > 0) {
+    recommendations.push('Attach entityId, projectId, processId, and sessionId before writing memories.');
+  }
+  if (crossScopeDuplicates.length > 0) {
+    recommendations.push('Mark intentional shared memories explicitly; otherwise dedupe within the same scope only.');
+  }
+  if (recommendations.length === 0) {
+    recommendations.push('Scope posture is ready for multi-user and multi-session memory retrieval.');
+  }
+  return recommendations;
+}
+
+function selectRecordsForScope(records = [], requestedScope = {}, options = {}) {
+  const requested = normalizeScope(requestedScope);
+  const requestedKey = memoryScopeKey(requested);
+  if (!requestedKey) {
+    throw new Error(`requested scope missing fields: ${missingScopeFields(requested).join(', ')}`);
+  }
+
+  const includeShared = options.includeShared !== false;
+  const allowed = [];
+  const blocked = [];
+
+  for (const record of records) {
+    const shared = isSharedMemory(record);
+    const recordKey = memoryScopeKey(record);
+    if (recordKey === requestedKey || (includeShared && shared)) {
+      allowed.push(record);
+    } else {
+      blocked.push(record);
+    }
+  }
+
+  return {
+    requestedScope: requested,
+    requestedKey,
+    allowed,
+    blocked,
+  };
+}
+
+function buildMemoriStyleBenchmarkRecords() {
+  return [
+    {
+      id: 'alice-agent-a-session-1',
+      entityId: 'alice',
+      projectId: 'thumbgate',
+      processId: 'agent-a',
+      sessionId: 'session-1',
+      content: 'Use the paid sprint checklist before changing checkout code.',
+    },
+    {
+      id: 'bob-agent-a-session-1',
+      entityId: 'bob',
+      projectId: 'thumbgate',
+      processId: 'agent-a',
+      sessionId: 'session-1',
+      content: 'Bob private onboarding note.',
+    },
+    {
+      id: 'alice-agent-b-session-1',
+      entityId: 'alice',
+      projectId: 'thumbgate',
+      processId: 'agent-b',
+      sessionId: 'session-1',
+      content: 'Agent B should use docs-only mode.',
+    },
+    {
+      id: 'alice-agent-a-session-2',
+      entityId: 'alice',
+      projectId: 'thumbgate',
+      processId: 'agent-a',
+      sessionId: 'session-2',
+      content: 'Session 2 has a different migration plan.',
+    },
+    {
+      id: 'team-shared-checkout-rule',
+      entityId: 'alice',
+      projectId: 'thumbgate',
+      processId: 'agent-a',
+      sessionId: 'session-1',
+      visibility: 'shared',
+      content: 'Shared rule: checkout mutations require audit evidence.',
+    },
+  ];
+}
+
+module.exports = {
+  REQUIRED_SCOPE_FIELDS,
+  buildMemoriStyleBenchmarkRecords,
+  buildMemoryScopeReadinessReport,
+  isSharedMemory,
+  memoryScopeKey,
+  missingScopeFields,
+  normalizeScope,
+  selectRecordsForScope,
+};

package/scripts/plausible-server-events.js

@@ -0,0 +1,162 @@
+'use strict';
+
+/**
+ * Server-side Plausible custom event emitter.
+ *
+ * Why: CLAUDE.md anti-lying directive + the 2026-05-13 revenue-ROI
+ * critique flagged improvement #2 — "0/50 checkout sessions completed
+ * and you don't know why." The full /checkout/pro funnel already writes
+ * to local JSONL via appendBestEffortTelemetry(), but Plausible (where
+ * we actually look at funnel charts) only sees page-views, not the
+ * email-submitted / stripe-redirect-started transitions.
+ *
+ * This helper POSTs to the Plausible events API
+ *   https://plausible.io/api/event
+ * so the three funnel transitions show up alongside page-views in the
+ * same dashboard.
+ *
+ * Hard guarantees:
+ *  - Fire-and-forget. Never throws. Never blocks a 302 redirect.
+ *  - Disabled when THUMBGATE_PLAUSIBLE_DISABLE=1 (CI / tests / opt-out).
+ *  - 2-second hard timeout. The request socket is unref-ed so the
+ *    process can exit without waiting for the response.
+ *  - No PII. Only event name + UTM/CTA metadata (already public).
+ */
+
+const https = require('node:https');
+
+const DEFAULT_PLAUSIBLE_DOMAIN = 'thumbgate-production.up.railway.app';
+const PLAUSIBLE_ENDPOINT = 'https://plausible.io/api/event';
+const REQUEST_TIMEOUT_MS = 2_000;
+
+function isPlausibleDisabled() {
+  if (process.env.THUMBGATE_PLAUSIBLE_DISABLE === '1') return true;
+  if (process.env.DO_NOT_TRACK === '1') return true;
+  // NODE_ENV-based detection was tried and dropped: `node --test` does not
+  // set NODE_ENV automatically, so the check produced surprising behavior
+  // in test vs. production. Tests must opt out explicitly via the dedicated
+  // THUMBGATE_PLAUSIBLE_DISABLE flag.
+  return false;
+}
+
+function getPlausibleDomain() {
+  return process.env.THUMBGATE_PLAUSIBLE_DOMAIN || DEFAULT_PLAUSIBLE_DOMAIN;
+}
+
+/**
+ * Map raw telemetry fields onto Plausible "props" (string-only). Drop
+ * undefined values; cap each prop at 100 chars to satisfy Plausible's limits.
+ */
+function buildProps(metadata = {}) {
+  const props = {};
+  for (const [key, value] of Object.entries(metadata)) {
+    if (value === undefined || value === null || value === '') continue;
+    const str = typeof value === 'string' ? value : String(value);
+    if (str.length === 0) continue;
+    props[key] = str.length > 100 ? `${str.slice(0, 97)}...` : str;
+  }
+  return props;
+}
+
+function buildPayload(eventName, options = {}) {
+  const domain = options.domain || getPlausibleDomain();
+  const pageUrl = options.pageUrl || `https://${domain}${options.page || '/'}`;
+  return {
+    name: eventName,
+    url: pageUrl,
+    domain,
+    referrer: options.referrer || undefined,
+    props: buildProps(options.props || {}),
+  };
+}
+
+/**
+ * Send a custom event to Plausible. Always returns a Promise that resolves —
+ * the caller can `void plausibleEvent(...)` and ignore. Resolved value is
+ * { sent, reason } so tests can assert the dispatch path was taken.
+ */
+function plausibleEvent(eventName, options = {}) {
+  if (isPlausibleDisabled()) {
+    return Promise.resolve({ sent: false, reason: 'disabled' });
+  }
+  if (typeof eventName !== 'string' || !eventName.trim()) {
+    return Promise.resolve({ sent: false, reason: 'invalid_event_name' });
+  }
+
+  const payload = JSON.stringify(buildPayload(eventName, options));
+  const url = new URL(PLAUSIBLE_ENDPOINT);
+  const userAgent =
+    options.userAgent ||
+    `thumbgate-server/${process.env.npm_package_version || 'unknown'} (+https://github.com/IgorGanapolsky/ThumbGate)`;
+  const xff = options.forwardedFor || options.remoteAddr;
+
+  return new Promise((resolve) => {
+    let settled = false;
+    const done = (result) => {
+      if (settled) return;
+      settled = true;
+      resolve(result);
+    };
+
+    try {
+      const req = https.request(
+        {
+          hostname: url.hostname,
+          port: 443,
+          path: url.pathname,
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            'Content-Length': Buffer.byteLength(payload),
+            'User-Agent': userAgent,
+            ...(xff ? { 'X-Forwarded-For': xff } : {}),
+          },
+          timeout: REQUEST_TIMEOUT_MS,
+        },
+        (res) => {
+          // Plausible returns 202 on accept. Drain the response body so the
+          // socket can be released back to the pool, then resolve.
+          res.on('data', () => {});
+          res.on('end', () => done({ sent: true, statusCode: res.statusCode }));
+        }
+      );
+      req.on('error', () => done({ sent: false, reason: 'request_error' }));
+      req.on('timeout', () => {
+        req.destroy();
+        done({ sent: false, reason: 'timeout' });
+      });
+      req.on('socket', (s) => s.unref());
+      req.end(payload);
+    } catch {
+      done({ sent: false, reason: 'exception' });
+    }
+  });
+}
+
+/**
+ * Convenience: fire the three /checkout/pro funnel events by name without
+ * each caller having to know the canonical Plausible event labels.
+ * The labels are chosen to read cleanly in the Plausible UI's event list.
+ */
+const CHECKOUT_EVENT_NAMES = Object.freeze({
+  view: 'Checkout Pro Viewed',
+  emailSubmitted: 'Checkout Pro Email Submitted',
+  stripeRedirect: 'Checkout Pro Stripe Redirect Started',
+});
+
+function recordCheckoutFunnelEvent(stage, options = {}) {
+  const name = CHECKOUT_EVENT_NAMES[stage];
+  if (!name) return Promise.resolve({ sent: false, reason: 'unknown_stage' });
+  return plausibleEvent(name, options);
+}
+
+module.exports = {
+  plausibleEvent,
+  recordCheckoutFunnelEvent,
+  buildPayload,
+  buildProps,
+  isPlausibleDisabled,
+  getPlausibleDomain,
+  CHECKOUT_EVENT_NAMES,
+  PLAUSIBLE_ENDPOINT,
+};

package/scripts/rate-limiter.js

@@ -42,6 +42,17 @@ const PAYWALL_MESSAGES = {
 function isProTier(authContext) {
   if (authContext && authContext.tier === 'pro') return true;
   if (process.env.THUMBGATE_API_KEY || process.env.THUMBGATE_PRO_MODE === '1' || process.env.THUMBGATE_NO_RATE_LIMIT === '1') return true;
+  // Creator/dogfooding bypass: when the owner has the dev secret + bypass
+  // configured (env or ~/.config/thumbgate/dev.json), treat the install as Pro
+  // so marketing nudges and rate limits stop firing on the maintainer's own
+  // machine.
+  try {
+    const { isCreatorDev } = require('./pro-local-dashboard');
+    if (isCreatorDev()) return true;
+  } catch (_) {
+    // pro-local-dashboard unavailable in this runtime — fall through to
+    // license/free-tier handling rather than failing the check.
+  }
   try {
     const { isProLicensed } = require('./license');
     if (isProLicensed()) return true;

package/scripts/seo-gsd.js

@@ -120,6 +120,11 @@ const HIGH_ROI_QUERY_SEEDS = [
     95,
     'Bottom-of-funnel service query that turns background-agent governance demand into a paid 48-hour Team intake and implementation wedge.',
   ),
+  querySeed(
+    'ai deployment readiness',
+    95,
+    'Production AI deployment demand maps directly to ThumbGate readiness audits, pre-action gates, rollout proof, and paid workflow hardening services.',
+  ),
   querySeed(
     'gpt-5.5 model evaluation',
     94,
@@ -1064,6 +1069,69 @@ function buildAiAgentGovernanceSprintGuide() {
   };
 }
 
+const AI_DEPLOYMENT_READINESS_GUIDE_SPEC = Object.freeze({
+  slug: 'ai-deployment-readiness',
+  meta: {
+    query: 'ai deployment readiness',
+    title: 'AI Deployment Readiness | Production Workflow Gates Before Rollout',
+    heroTitle: 'AI Deployment Readiness Before Agents Touch Production',
+    heroSummary: 'Deployment-company demand proves the buyer problem: teams need help moving AI into real workflows. ThumbGate is the governance and proof layer that makes one priority workflow ready for production with pre-action gates, rollout evidence, and paid sprint paths.',
+  },
+  takeaways: [
+    'AI deployment readiness is about workflow controls, not just prompts, demos, or model selection.',
+    'The high-ROI starting point is one priority workflow with mapped tools, data, owners, risky actions, and proof-backed gates.',
+    'ThumbGate turns deployment demand into revenue through a $499 diagnostic, a $1500 Workflow Hardening Sprint, and Team seats at $49/seat/mo.',
+  ],
+  sections: [
+    ['paragraphs', 'Why deployment is now the buying category', [
+      'OpenAI-style deployment companies validate a practical market shift: buyers do not only want a model or chatbot. They want AI systems embedded into messy production workflows where data, tools, approvals, and rollback paths already exist.',
+      'That creates a clean ThumbGate wedge. A forward deployment team can map the workflow and build the automation; ThumbGate defines what the automation is allowed to execute, what evidence must exist before it acts, and what proof the buyer can review after rollout.',
+    ]],
+    ['bullets', 'What ThumbGate adds to AI deployment readiness', [
+      'Intake for one workflow owner, one priority workflow, one repeated failure, and one production rollout target.',
+      'A governance map for data access, tools, protected files, risky commands, approval boundaries, review tiers, and rollback expectations.',
+      'Pre-action gates that stop repeated mistakes before the next shell command, PR, release, or production automation step.',
+      'Background-agent risk checks through npx thumbgate background-governance --check --json before unattended work reaches review.',
+      'A proof pack with blocked-repeat examples, run evidence, verification notes, and rollout decisions the buyer can share internally.',
+    ]],
+    ['paragraphs', 'How this makes money', [
+      'The page should convert deployment curiosity into concrete buying motion. The $499 Workflow Hardening Diagnostic validates one repeated failure and produces a readiness map. The $1500 sprint implements the first gates and proof pack. Team seats expand the same enforcement path across more repos and workflow owners.',
+      'This keeps the offer honest. ThumbGate does not claim to be the deployment company or a generic AI consultancy. It is the enforcement, governance, and proof layer that lets deployment work survive contact with production.',
+    ]],
+  ],
+  faq: [
+    [
+      'Is ThumbGate competing with AI deployment companies?',
+      'No. Deployment companies help buyers embed AI into real operations. ThumbGate complements that work by adding the governance and proof layer before AI agents or automations touch production systems.',
+    ],
+    [
+      'What should an AI deployment readiness audit produce?',
+      'A useful audit should produce one workflow map, named owners, tool and data boundaries, risky actions, approval rules, rollback expectations, pre-action gates, and proof that the first rollout can be reviewed.',
+    ],
+    [
+      'Can this start before procurement?',
+      'Yes. Start with one $499 diagnostic or the Workflow Hardening Sprint intake. The point is to prove one workflow before asking a buyer to fund a broad platform rollout.',
+    ],
+  ],
+  relatedPaths: ['/guides/ai-agent-governance-sprint', '/guides/background-agent-governance', '/guides/pre-action-checks'],
+});
+
+function buildAiDeploymentReadinessGuide() {
+  return {
+    ...preActionGuide(AI_DEPLOYMENT_READINESS_GUIDE_SPEC.slug, {
+      ...AI_DEPLOYMENT_READINESS_GUIDE_SPEC.meta,
+      takeaways: AI_DEPLOYMENT_READINESS_GUIDE_SPEC.takeaways,
+      sections: AI_DEPLOYMENT_READINESS_GUIDE_SPEC.sections.map(([kind, heading, entries]) => buildSectionFromSpec(kind, heading, entries)),
+      faq: AI_DEPLOYMENT_READINESS_GUIDE_SPEC.faq.map(([question, text]) => answer(question, text)),
+      relatedPaths: AI_DEPLOYMENT_READINESS_GUIDE_SPEC.relatedPaths,
+    }),
+    cta: {
+      label: 'Start deployment readiness intake',
+      href: '/?utm_source=website&utm_medium=seo_page&utm_campaign=ai_deployment_readiness&cta_placement=seo_brief&plan_id=team#workflow-sprint-intake',
+    },
+  };
+}
+
 const MODEL_UPGRADE_EVALUATION_GUIDE_SPEC = Object.freeze({
   slug: 'gpt-5-5-model-evaluation',
   meta: {
@@ -1590,6 +1658,7 @@ const PAGE_BLUEPRINTS = [
   buildPromptTricksToWorkflowRulesGuide(),
   buildBackgroundAgentGovernanceGuide(),
   buildAiAgentGovernanceSprintGuide(),
+  buildAiDeploymentReadinessGuide(),
   buildModelUpgradeEvaluationGuide(),
   {
     query: 'stop ai coding agents from repeating mistakes',
@@ -2102,7 +2171,7 @@ function classifyIntent(query) {
   if (!normalized) return 'informational';
   if (/\b(vs|versus|alternative|compare|comparison|better than)\b/.test(normalized)) return 'comparison';
   if (/\b(price|pricing|buy|checkout|purchase|cost)\b/.test(normalized)) return 'transactional';
-  if (/\b(autoresearch|self-improving|benchmark|reward hacking|agent safety|governance|sprint)\b/.test(normalized)) return 'commercial';
+  if (/\b(autoresearch|self-improving|benchmark|reward hacking|agent safety|governance|deployment readiness|sprint)\b/.test(normalized)) return 'commercial';
   if (/\b(claude code|cursor|codex|gemini|amp|opencode|integration|plugin|setup|install)\b/.test(normalized)) {
     return 'commercial';
   }
@@ -2594,7 +2663,11 @@ function renderWebPageJsonLd(page, runtimeConfig) {
 }
 
 function renderPaidSprintCheckoutCard(page) {
-  if (page.path !== '/guides/ai-agent-governance-sprint') return '';
+  const paidSprintGuidePaths = new Set([
+    '/guides/ai-agent-governance-sprint',
+    '/guides/ai-deployment-readiness',
+  ]);
+  if (!paidSprintGuidePaths.has(page.path)) return '';
 
   return `<div class="sidebar-card paid-sprint-card">
           <h2>Ready to buy the sprint?</h2>

package/scripts/statusline-links.js

@@ -99,6 +99,8 @@ function launchLocalServer(options = {}) {
     THUMBGATE_LOCAL_API_ORIGIN: origin.origin,
     THUMBGATE_PROJECT_DIR: projectDir,
     THUMBGATE_PRO_MODE: '1',
+    THUMBGATE_BUILD_SHA: env.THUMBGATE_BUILD_SHA || 'local-runtime',
+    THUMBGATE_BUILD_GENERATED_AT: env.THUMBGATE_BUILD_GENERATED_AT || new Date().toISOString(),
   };
 
   if (resolvedKey && resolvedKey.key) {

package/scripts/telemetry-analytics.js

@@ -330,6 +330,7 @@ function sanitizeTelemetryPayload(payload = {}, headers = {}) {
     failureCode: pickFirstText(raw.failureCode),
     httpStatus: normalizeInteger(raw.httpStatus),
     userAgent: pickFirstText(raw.userAgent, headers['user-agent']),
+    isBot: pickFirstText(raw.isBot),
     attributionTagged: Boolean(
       pickFirstText(raw.utmSource, raw.utmMedium, raw.utmCampaign, raw.utmContent, raw.utmTerm)
     ),