thumbgate 1.19.0 → 1.21.0

package/src/api/server.js

@@ -219,6 +219,7 @@ const COMPARE_PAGE_PATH = path.resolve(__dirname, '../../public/compare.html');
 const LEARN_PAGE_PATH = path.resolve(__dirname, '../../public/learn.html');
 const NUMBERS_PAGE_PATH = path.resolve(__dirname, '../../public/numbers.html');
 const FEDERAL_PAGE_PATH = path.resolve(__dirname, '../../public/federal.html');
+const PRICING_PAGE_PATH = path.resolve(__dirname, '../../public/pricing.html');
 const LEARN_DIR = path.resolve(__dirname, '../../public/learn');
 const GUIDES_DIR = path.resolve(__dirname, '../../public/guides');
 const COMPARE_DIR = path.resolve(__dirname, '../../public/compare');
@@ -413,26 +414,20 @@ const TRACKED_LINK_TARGETS = Object.freeze({
     },
     allowCustomerEmail: true,
   },
-  // 2026-05-12: Aiventyx marketplace listing routes its Teams clicks through
-  // /go/teams (best-performing listing at ~62% CTR). Without this slug the
-  // server returned 404 + "Tracked link not found". Every Aiventyx Teams
-  // click between the URL swap and this deploy landed on that error page.
-  // Destination: 3-seat Team self-serve Stripe checkout (the path I shipped
-  // in PR #1877 — plan_id=team + seat_count=3 = $147/mo entry).
+  // 2026-05-19: Team is intake-led. Keep the tracked shortlink alive for
+  // marketplaces and old outreach, but route it to workflow scope first
+  // instead of blind 3-seat checkout.
   teams: {
-    path: '/checkout/pro',
+    path: '/#workflow-sprint-intake',
     ctaId: 'go_teams',
     ctaPlacement: 'link_router',
-    eventType: 'cta_click',
+    eventType: 'team_intake_started',
     defaults: {
       utm_source: 'website',
       utm_medium: 'link_router',
-      utm_campaign: 'team_self_serve',
+      utm_campaign: 'team_intake',
       plan_id: 'team',
-      seat_count: '3',
-      billing_cycle: 'monthly',
     },
-    allowCustomerEmail: true,
   },
   install: {
     path: '/guide',
@@ -1384,7 +1379,7 @@ function sendInvalidAnalyticsWindowProblem(res, title, err) {
     type: PROBLEM_TYPES.INVALID_REQUEST,
     title,
     status: 400,
-    detail: err && err.message ? err.message : 'Invalid analytics window request.',
+    detail: err?.message ? err.message : 'Invalid analytics window request.',
   });
 }
 
@@ -1499,50 +1494,11 @@ function buildCheckoutIntentHref(baseUrl, metadata = {}, overrides = {}) {
 
 function renderCheckoutIntentPage({
   confirmHref,
-  firstRuleCheckoutHref,
-  quickReadCheckoutHref,
-  workflowTeardownCheckoutHref,
   workflowIntakeHref,
-  teamOptionsHref,
-  diagnosticCheckoutHref,
-  sprintCheckoutHref,
-  sprintDiagnosticPriceDollars = 499,
-  workflowSprintPriceDollars = 1500,
 }) {
   const safeConfirmHref = escapeHtmlAttribute(confirmHref);
-  const safeFirstRuleCheckoutHref = firstRuleCheckoutHref
-    ? escapeHtmlAttribute(firstRuleCheckoutHref)
-    : '';
-  const safeQuickReadCheckoutHref = quickReadCheckoutHref
-    ? escapeHtmlAttribute(quickReadCheckoutHref)
-    : '';
-  const safeWorkflowTeardownCheckoutHref = workflowTeardownCheckoutHref
-    ? escapeHtmlAttribute(workflowTeardownCheckoutHref)
-    : '';
   const safeWorkflowIntakeHref = escapeHtmlAttribute(workflowIntakeHref);
-  const safeTeamOptionsHref = escapeHtmlAttribute(teamOptionsHref);
-  const safeDiagnosticCheckoutHref = diagnosticCheckoutHref
-    ? escapeHtmlAttribute(diagnosticCheckoutHref)
-    : '';
-  const safeSprintCheckoutHref = sprintCheckoutHref
-    ? escapeHtmlAttribute(sprintCheckoutHref)
-    : '';
-  const diagnosticAction = safeDiagnosticCheckoutHref
-    ? `<a data-i="sprint_diagnostic_checkout" href="${safeDiagnosticCheckoutHref}">Book $${sprintDiagnosticPriceDollars} diagnostic</a>`
-    : '';
-  const sprintAction = safeSprintCheckoutHref
-    ? `<a data-i="workflow_sprint_checkout" href="${safeSprintCheckoutHref}">Start $${workflowSprintPriceDollars} sprint</a>`
-    : '';
-  const firstRuleAction = safeFirstRuleCheckoutHref
-    ? `<a data-i="first_failure_rule_checkout" href="${safeFirstRuleCheckoutHref}">Pay $1 first rule</a>`
-    : '';
-  const quickReadAction = safeQuickReadCheckoutHref
-    ? `<a data-i="quick_read_checkout" href="${safeQuickReadCheckoutHref}">Pay $19 quick read</a>`
-    : '';
-  const teardownAction = safeWorkflowTeardownCheckoutHref
-    ? `<a data-i="workflow_teardown_checkout" href="${safeWorkflowTeardownCheckoutHref}">Pay $99 teardown</a>`
-    : '';
-  return `<!doctype html><html lang="en"><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Confirm — ThumbGate Pro</title><style>body{background:#0a0a0a;color:#eee;font-family:system-ui,-apple-system,sans-serif;line-height:1.5}main{max-width:520px;margin:8vh auto;padding:0 20px}.brand{display:flex;align-items:center;gap:10px;margin-bottom:24px;font-size:14px;color:#94a3b8}.brand-mark{width:24px;height:24px;background:#22d3ee;border-radius:6px;display:inline-block}h1{font-size:24px;margin:0 0 8px;color:#fff}.price{font-size:32px;font-weight:700;color:#22d3ee;margin:8px 0 4px}.price small{font-size:14px;color:#94a3b8;font-weight:400}p{color:#cbd5e1;margin:8px 0}a{display:block;text-decoration:none}a.primary{background:#22d3ee;color:#000;padding:16px;text-align:center;border-radius:8px;font-weight:700;font-size:16px;margin:20px 0 10px}a.secondary{border:1px solid #374151;color:#cbd5e1;padding:12px;text-align:center;border-radius:8px;margin:8px 0;font-size:14px}.trust{margin:24px 0;padding:16px;border:1px solid #1f2937;border-radius:8px;background:#0f172a}.trust-item{font-size:13px;color:#cbd5e1;padding:4px 0;display:flex;gap:8px}.trust-item::before{content:"✓";color:#22d3ee;font-weight:700}details{margin-top:32px;font-size:13px;color:#94a3b8}details summary{cursor:pointer;padding:8px 0}details a{border:1px solid #374151;color:#94a3b8;padding:10px;text-align:center;border-radius:6px;margin:6px 0;font-size:13px}.back{text-align:center;color:#64748b;font-size:12px;margin-top:24px}.back a{color:#64748b;display:inline}</style><main><div class="brand"><span class="brand-mark"></span><span>ThumbGate</span></div><h1>Start ThumbGate Pro</h1><div class="price">$19<small>/mo</small></div><p>Block every repeat AI-agent mistake. Local-first. MIT-licensed CLI included. Cancel anytime.</p><a class="primary" data-i="pro_checkout_confirmed" href="${safeConfirmHref}">Pay $19/mo with Stripe →</a><div class="trust"><div class="trust-item">6 paying customers, 18,000+ installs verified on npm</div><div class="trust-item">Cancel anytime — instant refund within 7 days</div><div class="trust-item">MIT open source · no vendor lock-in</div><div class="trust-item">Works with Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode</div></div><details><summary>Other paid paths (diagnostic, sprint, teardown, single-rule)</summary>${diagnosticAction.replace('<a ', '<a class="secondary" ')}${sprintAction.replace('<a ', '<a class="secondary" ')}${teardownAction.replace('<a ', '<a class="secondary" ')}${quickReadAction.replace('<a ', '<a class="secondary" ')}${firstRuleAction.replace('<a ', '<a class="secondary" ')}<a class="secondary" data-i="workflow_sprint_intake" href="${safeWorkflowIntakeHref}">Send workflow first (intake)</a><a class="secondary" data-i="team_paid_path" href="${safeTeamOptionsHref}">See all options</a></details><p class="back"><a href="/">← Back to thumbgate.ai</a></p></main><script>addEventListener('click',e=>{let a=e.target.closest('[data-i]');if(a&&navigator.sendBeacon)navigator.sendBeacon('/v1/telemetry/ping',new Blob([JSON.stringify({eventType:'checkout_interstitial_cta_clicked',clientType:'web',page:'/checkout/pro',ctaId:a.dataset.i,ctaPlacement:'checkout_interstitial'})],{type:'application/json'}))})</script></html>`;
+  return `<!doctype html><html lang="en"><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Confirm — ThumbGate Pro</title><style>body{background:#0a0a0a;color:#eee;font-family:system-ui,-apple-system,sans-serif;line-height:1.5}main{max-width:520px;margin:8vh auto;padding:0 20px}.brand{display:flex;align-items:center;gap:10px;margin-bottom:24px;font-size:14px;color:#94a3b8}.brand-mark{width:24px;height:24px;background:#22d3ee;border-radius:6px;display:inline-block}h1{font-size:24px;margin:0 0 8px;color:#fff}.price{font-size:32px;font-weight:700;color:#22d3ee;margin:8px 0 4px}.price small{font-size:14px;color:#94a3b8;font-weight:400}p{color:#cbd5e1;margin:8px 0}a{display:block;text-decoration:none}a.primary{background:#22d3ee;color:#000;padding:16px;text-align:center;border-radius:8px;font-weight:700;font-size:16px;margin:20px 0 10px}a.secondary{border:1px solid #374151;color:#cbd5e1;padding:12px;text-align:center;border-radius:8px;margin:8px 0 0;font-size:14px}.trust{margin:24px 0;padding:16px;border:1px solid #1f2937;border-radius:8px;background:#0f172a}.trust-item{font-size:13px;color:#cbd5e1;padding:4px 0;display:flex;gap:8px}.trust-item::before{content:"✓";color:#22d3ee;font-weight:700}.choice-note{font-size:13px;color:#94a3b8;margin-top:14px}.back{text-align:center;color:#64748b;font-size:12px;margin-top:24px}.back a{color:#64748b;display:inline}</style><main><div class="brand"><span class="brand-mark"></span><span>ThumbGate</span></div><h1>Start ThumbGate Pro</h1><div class="price">$19<small>/mo</small></div><p>The npm package runs your gates locally. <strong>Pro</strong> is what keeps them working across every machine, every agent runtime, and every breaking-change week.</p><a class="primary" data-i="pro_checkout_confirmed" rel="nofollow noindex" href="${safeConfirmHref}">Pay $19/mo with Stripe →</a><a class="secondary" data-i="workflow_sprint_intake" href="${safeWorkflowIntakeHref}">Not sure yet? Send the workflow first</a><p class="choice-note">Cancel anytime. 7-day refund, no questions. Diagnostics and sprints have their own pages.</p><div class="trust"><div class="trust-item">Lessons synced across all your machines — no local SQLite to babysit</div><div class="trust-item">Adapter matrix kept current for Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode — version drift is our problem, not yours</div><div class="trust-item">Hosted dashboard: gate stats, DPO export, org-wide rule library</div><div class="trust-item">24×7 ops on the rule engine — SonarCloud regressions fixed in &lt;24h</div></div><p class="back"><a href="/">← Back to thumbgate.ai</a></p></main><script>addEventListener('click',e=>{let a=e.target.closest('[data-i]');if(a&&navigator.sendBeacon)navigator.sendBeacon('/v1/telemetry/ping',new Blob([JSON.stringify({eventType:'checkout_interstitial_cta_clicked',clientType:'web',page:'/checkout/pro',ctaId:a.dataset.i,ctaPlacement:'checkout_interstitial'})],{type:'application/json'}))})</script></html>`;
 }
 
 function buildCheckoutBootstrapBody(parsed, req, journeyState = resolveJourneyState(req, parsed)) {
@@ -1851,7 +1807,7 @@ function appendBestEffortTelemetry(feedbackDir, payload, headers, context) {
         metadata: {
           context,
           eventType: payload && (payload.eventType || payload.event) ? payload.eventType || payload.event : 'unknown',
-          error: err && err.message ? err.message : 'unknown_error',
+          error: err?.message ? err.message : 'unknown_error',
         },
         diagnosis: {
           diagnosed: true,
@@ -1861,7 +1817,7 @@ function appendBestEffortTelemetry(feedbackDir, payload, headers, context) {
             constraintId: 'telemetry:emit',
             message: 'Server-side telemetry write failed.',
           }],
-          evidence: [err && err.message ? err.message : 'unknown_error'],
+          evidence: [err?.message ? err.message : 'unknown_error'],
         },
       });
     } catch (_) {}
@@ -2007,6 +1963,10 @@ function loadProPageHtml(runtimeConfig, pageContext = {}) {
   return loadPublicMarketingTemplateHtml(PRO_PAGE_PATH, runtimeConfig, pageContext);
 }
 
+function loadPricingPageHtml(runtimeConfig, pageContext = {}) {
+  return loadPublicMarketingTemplateHtml(PRICING_PAGE_PATH, runtimeConfig, pageContext);
+}
+
 function readOptionalPublicTemplate(filePath) {
   try {
     return fs.readFileSync(filePath, 'utf-8');
@@ -2541,6 +2501,7 @@ function renderSitemapXml(runtimeConfig) {
   const entries = [
     { path: '/', changefreq: 'weekly', priority: '1.0' },
     { path: '/pro', changefreq: 'weekly', priority: '0.9' },
+    { path: '/agent-manager', changefreq: 'weekly', priority: '0.9' },
     { path: '/llm-context.md', changefreq: 'weekly', priority: '0.8' },
     { path: '/codex-plugin', changefreq: 'weekly', priority: '0.75' },
     ...THUMBGATE_SEO_SITEMAP_ENTRIES,
@@ -3019,13 +2980,13 @@ function renderCheckoutSuccessPage(runtimeConfig) {
         curlBlock.textContent = body.nextSteps && body.nextSteps.curl ? body.nextSteps.curl : 'curl snippet unavailable.';
       } catch (err) {
         sendTelemetryOnce('checkout_session_lookup_failed', {
-          failureCode: err && err.message ? err.message : 'checkout_session_lookup_failed',
+          failureCode: err?.message ? err.message : 'checkout_session_lookup_failed',
         });
         statusEl.textContent = 'Provisioning lookup failed.';
         summaryEl.textContent = traceId
           ? 'You can retry this page. If it keeps failing, inspect the hosted API logs with trace ' + traceId + '.'
           : 'You can retry this page. If it keeps failing, inspect the hosted API logs.';
-        keyBlock.textContent = err && err.message ? err.message : 'Unknown error';
+        keyBlock.textContent = err?.message ? err.message : 'Unknown error';
       }
     }
 
@@ -3391,6 +3352,39 @@ function renderWorkflowSprintIntakeResultPage(runtimeConfig, { title, detail, le
 </html>`;
 }
 
+function renderBrokerAuditIntakeResultPage(runtimeConfig, { title, detail, leadId = null }) {
+  const safeTitle = escapeHtmlAttribute(title || 'Broker audit request received');
+  const safeDetail = escapeHtmlAttribute(detail || 'Your broker lead-flow audit request is in the queue.');
+  const safeLeadId = leadId ? `<p><strong>Lead ID:</strong> ${escapeHtmlAttribute(leadId)}</p>` : '';
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>${safeTitle}</title>
+  <meta name="robots" content="noindex,nofollow" />
+  <style>
+    body { margin: 0; font-family: system-ui, -apple-system, sans-serif; background: #0b1220; color: #e5edf8; line-height: 1.6; }
+    main { max-width: 680px; margin: 0 auto; padding: 72px 20px; }
+    .card { border: 1px solid #26354f; border-radius: 14px; padding: 24px; background: #111a2b; }
+    h1 { margin: 0 0 10px; font-size: 30px; }
+    p { color: #b8c5d8; }
+    a { color: #7dd3fc; font-weight: 700; text-decoration: none; }
+  </style>
+</head>
+<body>
+  <main>
+    <div class="card">
+      <h1>${safeTitle}</h1>
+      <p>${safeDetail}</p>
+      ${safeLeadId}
+      <p><a href="${escapeHtmlAttribute(runtimeConfig.appOrigin)}/broker-audit">Back to broker audit page</a></p>
+    </div>
+  </main>
+</body>
+</html>`;
+}
+
 function readBodyBuffer(req, maxBytes = 1024 * 1024) {
   return new Promise((resolve, reject) => {
     let total = 0;
@@ -3435,6 +3429,72 @@ async function parseFormBody(req, maxBytes = 1024 * 1024) {
   return Object.fromEntries(params.entries());
 }
 
+function normalizeLeadEmail(value) {
+  const email = normalizeNullableText(value);
+  if (!email || !/^[^\s@]{1,64}@[^\s@]{1,255}\.[^\s@]{1,63}$/.test(email)) {
+    throw createHttpError(400, 'A valid email is required');
+  }
+  return email.toLowerCase();
+}
+
+function normalizeHttpUrl(value, fieldName) {
+  const raw = normalizeNullableText(value);
+  if (!raw) throw createHttpError(400, `${fieldName} is required`);
+  try {
+    const parsedUrl = new URL(raw);
+    if (parsedUrl.protocol !== 'http:' && parsedUrl.protocol !== 'https:') {
+      throw new Error('unsupported protocol');
+    }
+    return parsedUrl.toString();
+  } catch {
+    throw createHttpError(400, `${fieldName} must be an http(s) URL`);
+  }
+}
+
+function appendBrokerAuditLead(feedbackDir, payload) {
+  const lead = {
+    leadId: createTraceId('broker_audit_lead'),
+    status: 'new',
+    offer: 'broker_lead_flow_audit_free',
+    requestedAt: new Date().toISOString(),
+    contact: {
+      name: normalizeNullableText(payload.name),
+      email: normalizeLeadEmail(payload.email),
+      brokerage: normalizeNullableText(payload.brokerage),
+      website: normalizeHttpUrl(payload.website, 'website'),
+    },
+    qualification: {
+      suspectedLeak: normalizeNullableText(payload.suspected_leak || payload.suspectedLeak),
+    },
+    attribution: {
+      traceId: payload.traceId,
+      acquisitionId: payload.acquisitionId,
+      visitorId: payload.visitorId,
+      sessionId: payload.sessionId,
+      source: payload.source,
+      utmSource: payload.utmSource,
+      utmMedium: payload.utmMedium,
+      utmCampaign: payload.utmCampaign,
+      utmContent: payload.utmContent,
+      utmTerm: payload.utmTerm,
+      ctaId: payload.ctaId,
+      ctaPlacement: payload.ctaPlacement,
+      page: payload.page,
+      landingPath: payload.landingPath,
+      referrer: payload.referrer,
+      referrerHost: payload.referrerHost,
+    },
+  };
+
+  if (!lead.contact.name) throw createHttpError(400, 'name is required');
+  if (!lead.contact.brokerage) throw createHttpError(400, 'brokerage is required');
+
+  const leadsPath = path.join(feedbackDir, 'broker-audit-leads.jsonl');
+  fs.mkdirSync(path.dirname(leadsPath), { recursive: true });
+  fs.appendFileSync(leadsPath, `${JSON.stringify(lead)}\n`, 'utf8');
+  return lead;
+}
+
 function parseOptionalObject(input, name) {
   if (input == null) return {};
   if (typeof input === 'object' && !Array.isArray(input)) return input;
@@ -3894,7 +3954,7 @@ function createApiServer() {
                 }
               })
               .catch((err) => {
-                console.warn('[newsletter] welcome email threw:', email, err && err.message);
+                console.warn('[newsletter] welcome email threw:', email, err?.message);
               });
           }
           const journeyState = resolveJourneyState(req, parsed);
@@ -4372,6 +4432,29 @@ async function addContext(){
       return;
     }
 
+    // Natural marketing URLs for the Workflow Hardening Sprint. Outbound
+    // messages, social posts, and word-of-mouth all refer to "the sprint"
+    // or "workflow hardening" — recipients who type or paste the natural
+    // URLs currently hit the generic API 401 JSON error and bounce.
+    // Redirect them to the canonical intake anchor instead.
+    if (isGetLikeRequest && (
+      pathname === '/sprint'
+      || pathname === '/sprint.html'
+      || pathname === '/workflow-hardening'
+      || pathname === '/workflow-hardening.html'
+      || pathname === '/workflow-hardening-sprint'
+      || pathname === '/workflow-hardening-sprint.html'
+      || pathname === '/workflow-sprint'
+      || pathname === '/workflow-sprint.html'
+    )) {
+      res.writeHead(302, {
+        Location: '/#workflow-sprint-intake',
+        'Cache-Control': 'no-store',
+      });
+      res.end();
+      return;
+    }
+
     if (isGetLikeRequest && (pathname === '/numbers' || pathname === '/numbers.html')) {
       // Route through servePublicMarketingPage so landing_page_view telemetry
       // + funnel-events.jsonl `discovery/landing_view` get captured with UTM
@@ -4414,6 +4497,29 @@ async function addContext(){
       return;
     }
 
+    if (isGetLikeRequest && (pathname === '/agent-manager' || pathname === '/agent-manager.html')) {
+      // ICP landing page for the role Anthropic named (Agent Manager —
+      // hybrid PM/engineer DRI who owns CLAUDE.md hierarchy, plugin
+      // marketplace, permissions policy, and which skills ship). Routed
+      // through servePublicMarketingPage so arrivals via X/Bluesky/LinkedIn
+      // threads about the role capture UTM attribution and
+      // landing_page_view telemetry for downstream pilot-pipeline analysis.
+      try {
+        servePublicMarketingPage({
+          req,
+          res,
+          parsed,
+          hostedConfig,
+          isHeadRequest,
+          renderHtml: () => fs.readFileSync(path.join(PUBLIC_DIR, 'agent-manager.html'), 'utf-8'),
+          extraTelemetry: { pageType: 'agent_manager' },
+        });
+      } catch {
+        sendJson(res, 404, { error: 'Agent Manager page not found' });
+      }
+      return;
+    }
+
     if (isGetLikeRequest && pathname === '/learn/learn.css') {
       try {
         const cssPath = path.join(LEARN_DIR, 'learn.css');
@@ -4505,7 +4611,7 @@ async function addContext(){
           version: pkg.version,
           status: 'ok',
           docs: 'https://github.com/IgorGanapolsky/ThumbGate',
-          endpoints: ['/health', '/dashboard', '/guide', '/codex-plugin', '/compare', '/learn', '/v1/feedback/capture', '/v1/feedback/stats', '/v1/feedback/summary', '/v1/lessons/search', '/v1/search', '/v1/documents', '/v1/documents/import', '/v1/documents/{documentId}', '/v1/dashboard', '/v1/dashboard/render-spec', '/v1/decisions/evaluate', '/v1/decisions/outcome', '/v1/decisions/metrics', '/v1/settings/status', '/v1/dpo/export', '/v1/jobs', '/v1/jobs/harness', '/v1/analytics/databricks/export'],
+          endpoints: ['/health', '/dashboard', '/guide', '/codex-plugin', '/compare', '/learn', '/pricing', '/v1/feedback/capture', '/v1/feedback/stats', '/v1/feedback/summary', '/v1/lessons/search', '/v1/search', '/v1/documents', '/v1/documents/import', '/v1/documents/{documentId}', '/v1/dashboard', '/v1/dashboard/render-spec', '/v1/decisions/evaluate', '/v1/decisions/outcome', '/v1/decisions/metrics', '/v1/settings/status', '/v1/dpo/export', '/v1/jobs', '/v1/jobs/harness', '/v1/analytics/databricks/export'],
         }, {}, {
           headOnly: isHeadRequest,
         });
@@ -4549,9 +4655,22 @@ async function addContext(){
 
       const botClassification = classifyRequester(req.headers);
       const confirmParam = parsed?.searchParams?.get('confirm') ?? null;
-      const isConfirmedCheckout = confirmParam === '1'
-        || confirmParam === 'true'
-        || req.method === 'POST';
+      const hasConfirmFlag = confirmParam === '1' || confirmParam === 'true';
+      // 2026-05-19 audit: 2,210 of 2,251 Stripe sessions ever created were
+      // zombies (expired with no email). Cause: the interstitial HTML
+      // rendered a `/checkout/pro?confirm=1` link, bot crawlers discovered
+      // it and followed it, bypassing the bot deflection. A bot crawl never
+      // reaches the payment form, so the session is guaranteed waste.
+      //
+      // Fix: bot + confirm=1 (alone) deflects back to the interstitial. Two
+      // escape hatches preserve real-user flows: (a) POST always proceeds
+      // (form submission JS-less bots don't do), (b) a `customer_email`
+      // query param treats the request as confirmed even from a bot UA,
+      // because no real crawler appends customer_email to discovered URLs.
+      const hasCustomerEmailHint = !!parsed?.searchParams?.has('customer_email');
+      const botShouldBypass = !botClassification.isBot || hasCustomerEmailHint;
+      const isConfirmedCheckout = req.method === 'POST'
+        || (hasConfirmFlag && botShouldBypass);
       // Plausible funnel event #1 of 3: page view. Fired before interstitial
       // deflection so we get the full top-of-funnel count, with isBot as a
       // prop so the dashboard can filter human vs. crawler traffic. Fire-and-forget.
@@ -4582,7 +4701,7 @@ async function addContext(){
       // and must click "Pay $19/mo with Stripe →" (which sets confirm=1) to
       // trigger the Stripe-session creation + redirect. Counter-risk: one
       // extra click on the human path. Mitigated because the interstitial
-      // also serves as a value-preview ("6 paying customers, MIT open source,
+      // also serves as a value-preview ("5,200+ npm installs/mo, MIT open source,
       // cancel anytime"), which typically lifts conversion more than the
       // click-friction costs.
       if (!isConfirmedCheckout) {
@@ -4617,67 +4736,9 @@ async function addContext(){
           ctaPlacement: 'checkout_interstitial',
           planId: 'team',
         });
-        const teamOptionsHref = buildCheckoutIntentHref(`${hostedConfig.appOrigin}/guides/ai-agent-governance-sprint`, analyticsMetadata, {
-          utmMedium: 'checkout_interstitial_paid_path',
-          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_team_paid_path',
-          ctaId: 'checkout_interstitial_team_paid_path',
-          ctaPlacement: 'checkout_interstitial',
-          planId: 'team',
-        });
-        const firstRuleCheckoutHref = buildCheckoutIntentHref(FIRST_FAILURE_RULE_CHECKOUT_URL, analyticsMetadata, {
-          utmMedium: 'checkout_interstitial_paid_path',
-          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_first_failure_rule',
-          ctaId: 'checkout_interstitial_first_failure_rule_checkout',
-          ctaPlacement: 'checkout_interstitial',
-          planId: 'first_failure_rule',
-        });
-        const quickReadCheckoutHref = buildCheckoutIntentHref(QUICK_READ_CHECKOUT_URL, analyticsMetadata, {
-          utmMedium: 'checkout_interstitial_paid_path',
-          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_quick_read',
-          ctaId: 'checkout_interstitial_quick_read_checkout',
-          ctaPlacement: 'checkout_interstitial',
-          planId: 'quick_read',
-        });
-        const workflowTeardownCheckoutHref = buildCheckoutIntentHref(WORKFLOW_TEARDOWN_CHECKOUT_URL, analyticsMetadata, {
-          utmMedium: 'checkout_interstitial_paid_path',
-          utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_workflow_teardown',
-          ctaId: 'checkout_interstitial_workflow_teardown_checkout',
-          ctaPlacement: 'checkout_interstitial',
-          planId: 'workflow_teardown',
-        });
-        const diagnosticCheckoutHref = buildCheckoutIntentHref(
-          hostedConfig.sprintDiagnosticCheckoutUrl || SPRINT_DIAGNOSTIC_CHECKOUT_URL,
-          analyticsMetadata,
-          {
-            utmMedium: 'checkout_interstitial_paid_path',
-            utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_diagnostic',
-            ctaId: 'checkout_interstitial_sprint_diagnostic_checkout',
-            ctaPlacement: 'checkout_interstitial',
-            planId: 'sprint_diagnostic',
-          }
-        );
-        const sprintCheckoutHref = buildCheckoutIntentHref(
-          hostedConfig.workflowSprintCheckoutUrl || WORKFLOW_SPRINT_CHECKOUT_URL,
-          analyticsMetadata,
-          {
-            utmMedium: 'checkout_interstitial_paid_path',
-            utmCampaign: analyticsMetadata.utmCampaign || 'checkout_interstitial_workflow_sprint',
-            ctaId: 'checkout_interstitial_workflow_sprint_checkout',
-            ctaPlacement: 'checkout_interstitial',
-            planId: 'workflow_sprint',
-          }
-        );
         const html = renderCheckoutIntentPage({
           confirmHref: buildCheckoutConfirmHref(parsed),
-          firstRuleCheckoutHref,
-          quickReadCheckoutHref,
-          workflowTeardownCheckoutHref,
           workflowIntakeHref,
-          teamOptionsHref,
-          diagnosticCheckoutHref,
-          sprintCheckoutHref,
-          sprintDiagnosticPriceDollars: hostedConfig.sprintDiagnosticPriceDollars || 499,
-          workflowSprintPriceDollars: hostedConfig.workflowSprintPriceDollars || 1500,
           botClassification,
         });
         sendHtml(res, 200, html, responseHeaders);
@@ -4880,7 +4941,7 @@ async function addContext(){
           seatCount: analyticsMetadata.seatCount,
           referrer: analyticsMetadata.referrer,
           referrerHost: analyticsMetadata.referrerHost,
-          failureCode: err && err.message ? err.message : 'checkout_bootstrap_failed',
+          failureCode: err?.message ? err.message : 'checkout_bootstrap_failed',
           httpStatus: err && err.statusCode ? err.statusCode : null,
         }, req.headers, 'checkout_api_failed');
         res.writeHead(302, {
@@ -4938,6 +4999,28 @@ async function addContext(){
       return;
     }
 
+    if (isGetLikeRequest && pathname === '/broker-audit') {
+      // Public-facing broker lead-flow audit landing page. Wedge for the
+      // real-estate broker outreach. Static HTML served from src/api/static.
+      try {
+        const html = normalizePublicMarketingHtml(fillTemplate(fs.readFileSync(
+          path.resolve(__dirname, '../../assets/static/broker-audit.html'),
+          'utf8'
+        ), {
+          '__POSTHOG_API_KEY__': hostedConfig.posthogApiKey || '',
+        }), hostedConfig);
+        if (isHeadRequest) {
+          sendHtml(res, 200, html, {}, { headOnly: true });
+          return;
+        }
+        sendHtml(res, 200, html);
+      } catch (err) {
+        console.error('broker-audit page read failed:', err?.message);
+        sendJson(res, 500, { error: 'broker-audit page unavailable' });
+      }
+      return;
+    }
+
     if (isGetLikeRequest && pathname === '/.well-known/mcp.json') {
       sendJson(res, 200, getMcpDiscoveryManifest(hostedConfig), {}, {
         headOnly: isHeadRequest,
@@ -5147,7 +5230,7 @@ async function addContext(){
               path: pathname,
               method: req.method,
               reason: err && err.statusCode && err.statusCode < 500 ? 'invalid_payload' : 'write_failed',
-              error: err && err.message ? err.message : 'unknown_error',
+              error: err?.message ? err.message : 'unknown_error',
             },
             diagnosis: {
               diagnosed: true,
@@ -5157,7 +5240,7 @@ async function addContext(){
                 constraintId: 'telemetry:ingest',
                 message: 'Telemetry ping could not be processed.',
               }],
-              evidence: [err && err.message ? err.message : 'unknown_error'],
+              evidence: [err?.message ? err.message : 'unknown_error'],
             },
           });
         } catch (_) {
@@ -5356,11 +5439,270 @@ async function addContext(){
       return;
     }
 
+    if (req.method === 'OPTIONS' && pathname === '/v1/marketing/install-email') {
+      // CORS preflight for the npm postinstall email-capture endpoint.
+      // The endpoint is called from `npx thumbgate subscribe <email>` so
+      // the CLI gets the right CORS headers if it ever hits the proxy
+      // path; in practice CLI hits the server directly so this is mostly
+      // defense-in-depth.
+      sendPublicBillingPreflight(res);
+      return;
+    }
+
+    if (req.method === 'POST' && pathname === '/v1/marketing/install-email') {
+      // Email-capture wedge for npm installers. The `subscribe` CLI
+      // subcommand POSTs { email, source, installId, cliVersion } here;
+      // we validate the email, persist it to a dedicated capture ledger
+      // (telemetry sanitizer would strip the email as PII), emit a
+      // privacy-clean telemetry ping for funnel attribution, and fire
+      // a Resend newsletter welcome (if RESEND_API_KEY is configured).
+      // No auth required — this is a public opt-in surface.
+      const { FEEDBACK_DIR } = getFeedbackPaths();
+      let body = '';
+      let total = 0;
+      let oversize = false;
+      const MAX_BODY = 2048;
+      req.on('data', (chunk) => {
+        total += chunk.length;
+        if (total > MAX_BODY) {
+          oversize = true;
+          return; // stop appending; let 'end' fire naturally to send 413
+        }
+        body += chunk;
+      });
+      req.on('end', async () => {
+        if (oversize) {
+          sendJson(res, 413, { error: 'payload_too_large' });
+          return;
+        }
+        let parsed;
+        try {
+          parsed = body ? JSON.parse(body) : {};
+        } catch {
+          sendJson(res, 400, { error: 'invalid_json' });
+          return;
+        }
+        const rawEmail = typeof parsed.email === 'string' ? parsed.email.trim() : '';
+        // RFC 5321-bounded email shape — same regex shape as the CLI side
+        // to keep the contract honest.
+        const emailValid = /^[^\s@]{1,64}@[^\s@]{1,255}\.[^\s@]{1,64}$/.test(rawEmail);
+        if (!emailValid) {
+          sendJson(res, 400, { error: 'invalid_email' });
+          return;
+        }
+        const source = typeof parsed.source === 'string' && parsed.source.length <= 64
+          ? parsed.source
+          : 'cli_subscribe';
+        const installId = typeof parsed.installId === 'string' && parsed.installId.length <= 128
+          ? parsed.installId
+          : null;
+        const cliVersion = typeof parsed.cliVersion === 'string' && parsed.cliVersion.length <= 32
+          ? parsed.cliVersion
+          : null;
+
+        // Persist the capture to a dedicated ledger. The standard
+        // telemetry sanitizer in scripts/telemetry-analytics.js
+        // intentionally strips arbitrary fields (PII protection), so
+        // we cannot rely on appendBestEffortTelemetry to preserve the
+        // email. The capture ledger lives alongside other feedback
+        // artifacts and is the source of truth for the marketing drip.
+        try {
+          const fsModule = require('node:fs');
+          const pathModule = require('node:path');
+          const captureDir = pathModule.resolve(FEEDBACK_DIR);
+          fsModule.mkdirSync(captureDir, { recursive: true });
+          const capturePath = pathModule.join(captureDir, 'marketing-install-emails.jsonl');
+          fsModule.appendFileSync(capturePath, JSON.stringify({
+            capturedAt: new Date().toISOString(),
+            email: rawEmail,
+            source,
+            installId,
+            cliVersion,
+            remoteAddr: req.socket?.remoteAddress || null,
+            userAgent: req.headers['user-agent'] || null,
+          }) + '\n', 'utf-8');
+        } catch (err) {
+          // Capture failure is recoverable — we still want to fire the
+          // welcome email and surface the failure to ops via diagnostic.
+          try {
+            const { appendDiagnosticRecord } = require('../../scripts/feedback-loop');
+            appendDiagnosticRecord({
+              source: 'install_email_capture',
+              step: 'capture_persist',
+              context: 'failed to persist install-email capture to ledger',
+              metadata: { error: err?.message || 'unknown' },
+            });
+          } catch (_) {}
+        }
+
+        // Privacy-clean telemetry ping for funnel attribution (no email).
+        appendBestEffortTelemetry(FEEDBACK_DIR, {
+          eventType: 'marketing_install_email_captured',
+          clientType: 'cli',
+          source,
+          installId,
+          cliVersion,
+          utmSource: source,
+          utmMedium: 'npm_postinstall',
+          utmCampaign: 'install_email_capture',
+        }, req.headers, 'marketing_install_email_captured');
+
+        // Fire Resend welcome. If RESEND_API_KEY is unset the mailer
+        // returns { sent: false, reason: 'no_api_key' } and the
+        // capture still succeeds — the operator can drip later from
+        // the captured ledger.
+        let mailerResult = { sent: false, reason: 'not_attempted' };
+        try {
+          const { sendNewsletterWelcomeEmail } = require('../../scripts/mailer');
+          mailerResult = await sendNewsletterWelcomeEmail({
+            to: rawEmail,
+            source,
+            installId,
+            cliVersion,
+          });
+        } catch (err) {
+          mailerResult = { sent: false, reason: `mailer_error:${err.message || 'unknown'}` };
+        }
+
+        sendJson(res, 200, {
+          ok: true,
+          captured: true,
+          mailerSent: !!mailerResult.sent,
+          mailerReason: mailerResult.reason || null,
+        });
+      });
+      return;
+    }
+
     if (req.method === 'OPTIONS' && pathname === '/v1/intake/workflow-sprint') {
       sendPublicBillingPreflight(res);
       return;
     }
 
+    if (req.method === 'OPTIONS' && pathname === '/v1/intake/broker-audit') {
+      sendPublicBillingPreflight(res);
+      return;
+    }
+
+    if (req.method === 'POST' && pathname === '/v1/intake/broker-audit') {
+      const { FEEDBACK_DIR } = getFeedbackPaths();
+      const traceId = createTraceId('broker_audit');
+      const journeyState = resolveJourneyState(req, parsed);
+      const referrerAttribution = buildReferrerAttribution(req);
+      const contentType = String(req.headers['content-type'] || '').toLowerCase();
+      const isFormSubmission = contentType.includes('application/x-www-form-urlencoded');
+      try {
+        const body = isFormSubmission
+          ? await parseFormBody(req, 16 * 1024)
+          : await parseJsonBody(req, 16 * 1024);
+        const lead = appendBrokerAuditLead(FEEDBACK_DIR, {
+          ...body,
+          traceId: body.traceId || traceId,
+          acquisitionId: body.acquisitionId || journeyState.acquisitionId,
+          visitorId: body.visitorId || journeyState.visitorId,
+          sessionId: body.sessionId || journeyState.sessionId,
+          page: body.page || referrerAttribution.page || '/broker-audit',
+          landingPath: body.landingPath || referrerAttribution.landingPath || '/broker-audit',
+          ctaId: body.ctaId || 'broker_audit_form',
+          ctaPlacement: body.ctaPlacement || 'broker_audit',
+          source: body.source || body.utmSource || referrerAttribution.source || 'website',
+          utmSource: body.utmSource || body.source || referrerAttribution.utmSource || 'website',
+          utmMedium: body.utmMedium || referrerAttribution.utmMedium || 'broker_audit',
+          utmCampaign: body.utmCampaign || referrerAttribution.utmCampaign || 'broker_audit_free',
+          utmContent: body.utmContent || referrerAttribution.utmContent || null,
+          utmTerm: body.utmTerm || referrerAttribution.utmTerm || null,
+          referrerHost: body.referrerHost || referrerAttribution.referrerHost || null,
+          referrer: body.referrer || referrerAttribution.referrer || null,
+        });
+
+        appendBestEffortTelemetry(FEEDBACK_DIR, {
+          eventType: 'broker_audit_lead_submitted',
+          clientType: 'web',
+          traceId: lead.attribution.traceId,
+          acquisitionId: lead.attribution.acquisitionId,
+          visitorId: lead.attribution.visitorId,
+          sessionId: lead.attribution.sessionId,
+          source: lead.attribution.source,
+          utmSource: lead.attribution.utmSource,
+          utmMedium: lead.attribution.utmMedium,
+          utmCampaign: lead.attribution.utmCampaign,
+          utmContent: lead.attribution.utmContent,
+          utmTerm: lead.attribution.utmTerm,
+          ctaId: lead.attribution.ctaId,
+          ctaPlacement: lead.attribution.ctaPlacement,
+          page: lead.attribution.page,
+          landingPath: lead.attribution.landingPath,
+          referrerHost: lead.attribution.referrerHost,
+          referrer: lead.attribution.referrer,
+        }, req.headers, 'broker_audit_lead_submitted');
+
+        if (isFormSubmission && !wantsJson(req, parsed)) {
+          sendHtml(
+            res,
+            201,
+            renderBrokerAuditIntakeResultPage(hostedConfig, {
+              title: 'Broker audit request received',
+              detail: 'Your free broker lead-flow audit request is captured. The next step is the 1-page PDF with the specific lead leaks.',
+              leadId: lead.leadId,
+            }),
+            journeyState.setCookieHeaders.length ? { 'Set-Cookie': journeyState.setCookieHeaders } : {}
+          );
+          return;
+        }
+
+        sendJson(res, 201, {
+          ok: true,
+          leadId: lead.leadId,
+          status: lead.status,
+          offer: lead.offer,
+          nextStep: 'deliver_1_page_pdf',
+        }, {
+          ...getPublicBillingHeaders(lead.attribution.traceId),
+          ...(journeyState.setCookieHeaders.length ? { 'Set-Cookie': journeyState.setCookieHeaders } : {}),
+        });
+      } catch (err) {
+        appendBestEffortTelemetry(FEEDBACK_DIR, {
+          eventType: 'broker_audit_lead_failed',
+          clientType: 'web',
+          traceId,
+          acquisitionId: journeyState.acquisitionId,
+          visitorId: journeyState.visitorId,
+          sessionId: journeyState.sessionId,
+          source: referrerAttribution.source || 'website',
+          utmSource: referrerAttribution.utmSource || 'website',
+          utmMedium: referrerAttribution.utmMedium || 'broker_audit',
+          utmCampaign: referrerAttribution.utmCampaign || 'broker_audit_free',
+          ctaId: 'broker_audit_form',
+          ctaPlacement: 'broker_audit',
+          page: referrerAttribution.page || '/broker-audit',
+          landingPath: referrerAttribution.landingPath || '/broker-audit',
+          referrerHost: referrerAttribution.referrerHost,
+          referrer: referrerAttribution.referrer,
+          failureCode: err?.message ? err.message : 'broker_audit_lead_failed',
+          httpStatus: err && err.statusCode ? err.statusCode : null,
+        }, req.headers, 'broker_audit_lead_failed');
+        if (isFormSubmission && !wantsJson(req, parsed)) {
+          sendHtml(
+            res,
+            err.statusCode || 500,
+            renderBrokerAuditIntakeResultPage(hostedConfig, {
+              title: 'Broker audit request failed',
+              detail: err.message || 'Unable to capture broker audit request.',
+            }),
+            journeyState.setCookieHeaders.length ? { 'Set-Cookie': journeyState.setCookieHeaders } : {}
+          );
+          return;
+        }
+        sendProblem(res, {
+          type: !err.statusCode || err.statusCode >= 500 ? PROBLEM_TYPES.INTERNAL : PROBLEM_TYPES.BAD_REQUEST,
+          title: !err.statusCode || err.statusCode >= 500 ? 'Internal Server Error' : 'Request Error',
+          status: err.statusCode || 500,
+          detail: err.message || 'Unable to capture broker audit request.',
+        }, getPublicBillingHeaders(traceId));
+      }
+      return;
+    }
+
     if (req.method === 'POST' && pathname === '/v1/intake/workflow-sprint') {
       const { FEEDBACK_DIR } = getFeedbackPaths();
       const traceId = createTraceId('sprint_intake');
@@ -5481,7 +5823,7 @@ async function addContext(){
           landingPath: referrerAttribution.landingPath || '/',
           referrerHost: referrerAttribution.referrerHost,
           referrer: referrerAttribution.referrer,
-          failureCode: err && err.message ? err.message : 'workflow_sprint_lead_failed',
+          failureCode: err?.message ? err.message : 'workflow_sprint_lead_failed',
           httpStatus: err && err.statusCode ? err.statusCode : null,
         }, req.headers, 'workflow_sprint_lead_failed');
         if (isFormSubmission && !wantsJson(req, parsed)) {
@@ -5584,15 +5926,15 @@ async function addContext(){
     // surface that was missing: thumbgate.ai had no /case-studies, so visitors
     // landed on CLI install commands without seeing whether anyone actually
     // got value. First entry is the Aiventyx Teams listing integration: real
-    // third-party CTR signal (5/8 clicks before the /go/teams fix, end-to-end
-    // verified after).
+    // third-party CTR signal (5/8 clicks before the /go/teams fix, now routed
+    // through team intake so scope happens before checkout).
     if (isGetLikeRequest && pathname === '/case-studies') {
       sendHtml(res, 200, `<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Case Studies — ThumbGate</title><meta name="description" content="Real integrations of ThumbGate's pre-action checks for AI coding agents. Proof, not promises."><style>body{font-family:system-ui,-apple-system,sans-serif;max-width:780px;margin:0 auto;padding:32px 20px;line-height:1.55;color:#1f2937}h1{font-size:32px;margin:0 0 8px}.lede{color:#6b7280;font-size:18px;margin:0 0 32px}article{border:1px solid #e5e7eb;border-radius:12px;padding:24px;margin-bottom:24px;background:#fff}article h2{margin:0 0 4px;font-size:22px}.meta{color:#6b7280;font-size:13px;margin-bottom:16px}h3{font-size:15px;margin:20px 0 8px;color:#374151;text-transform:uppercase;letter-spacing:0.5px}.metric{display:inline-block;background:#0f172a;color:#fff;padding:4px 10px;border-radius:6px;font-weight:600;font-size:14px;margin:0 4px 4px 0}p{margin:8px 0}a{color:#0066cc}code{background:#f3f4f6;padding:1px 6px;border-radius:4px;font-size:13.5px}footer{margin-top:48px;padding-top:24px;border-top:1px solid #e5e7eb;color:#6b7280;font-size:14px}</style></head><body>
 <h1>Case Studies</h1>
 <p class="lede">Real integrations. No fabricated logos, no aspirational numbers — every claim below is reproducible.</p>
 
 <article>
-<h2>Aiventyx marketplace — Teams listing CTR recovery</h2>
+<h2>Aiventyx marketplace — Teams listing intake recovery</h2>
 <p class="meta">Integration partner: <a href="https://www.aiventyx.com">Aiventyx</a> · Reported by: Qaiser Mehdi · Verified: 2026-05-13</p>
 
 <h3>The problem</h3>
@@ -5601,18 +5943,17 @@ async function addContext(){
 <p>The <code>/go/teams</code> slug wasn't registered in our redirector — a 404 was eating every paid-intent click from their strongest external surface.</p>
 
 <h3>The fix</h3>
-<p>Added <code>teams</code> to <code>TRACKED_LINK_TARGETS</code>: HTTP 302 redirect to <code>/checkout/pro?plan_id=team&seat_count=3&billing_cycle=monthly</code> — the 3-seat $147/mo self-serve Stripe Team checkout. Caller-supplied UTMs flow through to Stripe metadata end-to-end.</p>
+<p>Added <code>teams</code> to <code>TRACKED_LINK_TARGETS</code> and now routes it to <code>/?plan_id=team#workflow-sprint-intake</code>. Caller-supplied UTMs flow through to the intake path so the workflow, owner, and proof boundary are explicit before any Team checkout.</p>
 
 <h3>The verification</h3>
 <p>Qaiser's own incognito test, May 13 6:04 AM (full email on record):</p>
 <p><code>https://thumbgate.ai/go/teams?utm_source=aiventyx</code><br>
-→ 302 to Stripe checkout<br>
-→ "Subscribe to ThumbGate Team" page loads<br>
-→ $147/mo, 3-seat Team plan confirmed<br>
-→ Aiventyx UTMs intact in URL</p>
+→ 302 to the Team workflow intake<br>
+→ pricing source, campaign, and plan metadata preserved<br>
+→ buyer sees the scope-first path before any subscription decision</p>
 
 <h3>What this proves</h3>
-<p>End-to-end attribution from a third-party marketplace through ThumbGate's redirector into Stripe checkout, with the caller's UTM chain preserved. Two regression tests pin the redirect contract so it can't silently break.</p>
+<p>End-to-end attribution from a third-party marketplace through ThumbGate's redirector into the Team intake path, with the caller's UTM chain preserved. Regression tests pin the redirect contract so it can't silently break or regress into a blind Team checkout.</p>
 
 <p><a href="/go/teams?utm_source=case-study">Try the live redirect →</a></p>
 </article>
@@ -5634,112 +5975,26 @@ async function addContext(){
     // Sprint (proof-pack, sales-led) → Pro (self-serve recurring) → Team
     // (after qualification). Every paid CTA across the site should funnel
     // here OR directly into Stripe checkout — never a different price.
-    if (isGetLikeRequest && pathname === '/pricing') {
-      sendHtml(res, 200, `<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Pricing — ThumbGate</title><meta name="description" content="ThumbGate pricing: free CLI, $19/mo Pro, $49/seat Team, $499 Sprint Diagnostic, $1500 full Workflow Hardening Sprint. Single source of truth across the site."><style>body{font-family:system-ui,-apple-system,sans-serif;max-width:980px;margin:0 auto;padding:32px 20px;line-height:1.55;color:#1f2937}h1{font-size:36px;margin:0 0 8px;text-align:center}.lede{color:#6b7280;font-size:18px;margin:0 0 32px;text-align:center}.grid{display:grid;grid-template-columns:1fr;gap:20px;margin-bottom:24px}@media(min-width:720px){.grid{grid-template-columns:repeat(2,1fr)}.hero{grid-column:1/-1}}.card{border:1px solid #e5e7eb;border-radius:12px;padding:24px;background:#fff;display:flex;flex-direction:column}.hero{border:2px solid #0f172a;background:linear-gradient(135deg,#fef3c7,#fff)}.tag{display:inline-block;background:#0f172a;color:#fff;padding:3px 10px;border-radius:6px;font-size:12px;font-weight:600;letter-spacing:0.5px;margin-bottom:12px}.tag-free{background:#10b981}.tag-pro{background:#3b82f6}.tag-team{background:#8b5cf6}.tag-diag{background:#0f172a}.tag-sprint{background:#b91c1c}h2{margin:0 0 4px;font-size:22px}.price{font-size:30px;font-weight:700;margin:8px 0 12px}.price small{font-size:14px;color:#6b7280;font-weight:400}.tagline{color:#374151;margin:0 0 16px;font-size:15px}ul{margin:0 0 20px;padding-left:18px}li{margin:6px 0;font-size:14px}.cta{display:inline-block;background:#0f172a;color:#fff;padding:12px 24px;border-radius:8px;font-weight:600;text-decoration:none;text-align:center;margin-top:auto}.cta-secondary{background:#fff;color:#0f172a;border:1px solid #0f172a}.cta-free{background:#10b981}.micro{border-top:1px solid #e5e7eb;padding-top:24px;margin-top:16px}.micro-grid{display:grid;grid-template-columns:repeat(auto-fit,minmax(180px,1fr));gap:12px;margin:16px 0}.micro-card{border:1px solid #e5e7eb;border-radius:8px;padding:14px;text-align:center;background:#fafafa}.micro-card .mp{font-size:20px;font-weight:700;color:#0f172a}.micro-card .ml{font-size:13px;color:#6b7280;margin:4px 0 8px}.micro-card a{color:#0066cc;font-size:13px;text-decoration:none}footer{margin-top:32px;padding-top:24px;border-top:1px solid #e5e7eb;color:#6b7280;font-size:14px;text-align:center}footer a{color:#0066cc}</style></head><body>
-<h1>Pricing</h1>
-<p class="lede">Six paths to ThumbGate. Pick by what you need: an install, a subscription, a team rollout, or a stakeholder-visible artifact.</p>
-
-<div class="grid">
-
-<div class="card hero">
-<span class="tag tag-sprint">Sprint — Full engagement</span>
-<h2>Workflow Hardening Sprint</h2>
-<div class="price">$1,500 <small>· one-time</small></div>
-<p class="tagline">The full hardening engagement for a single AI-agent workflow. Built on top of the Sprint Diagnostic — we apply the diagnostic findings into a shipped Pre-Action Check pack, deploy hooks into your repo, and run the rollout review. Two weeks calendar-time, single fixed price.</p>
-<ul>
-<li>Diagnostic + applied rules + deployed PreToolUse hooks</li>
-<li>Best path if you need the workflow actually fixed, not just diagnosed</li>
-<li>Refund if we can't extract or apply a rule</li>
-</ul>
-<a class="cta" href="mailto:igor.ganapolsky@gmail.com?subject=ThumbGate%20Workflow%20Hardening%20Sprint%20-%20Intake&body=Stack%20(Claude%20Code%2FCursor%2Fother)%3A%0AOne%20repeated%20agent%20failure%20you%20want%20to%20kill%3A%0ATimeline%3A%0A">Email to start the full sprint →</a>
-</div>
-
-<div class="card">
-<span class="tag tag-diag">Diagnostic — Proof first</span>
-<h2>Sprint Diagnostic</h2>
-<div class="price">$499 <small>· one-time</small></div>
-<p class="tagline">Two-day diagnostic on one workflow. Top-5 prevention rules ranked by impact, scoped Pre-Action Check pack delivered as a PR, 60-minute findings review. The lightweight on-ramp to the full sprint.</p>
-<ul>
-<li>Best if you need a stakeholder-visible artifact (PR, doc, briefing)</li>
-<li>Two days fixed scope — no scope creep</li>
-<li>Refund if we can't extract a rule from your failure trace</li>
-</ul>
-<a class="cta" href="https://buy.stripe.com/28E00j3Uge1E2dzgWL3sI2J">Pay $499 diagnostic →</a>
-</div>
-
-<div class="card">
-<span class="tag tag-free">Free — Forever</span>
-<h2>ThumbGate CLI</h2>
-<div class="price">$0</div>
-<p class="tagline">MIT-licensed CLI + local PreToolUse hook. Unlimited captures, 5 active prevention rules, local lesson DB. Works with Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode.</p>
-<ul>
-<li>30-second install: <code>npx thumbgate init</code></li>
-<li>No account, no signup, no data leaves your machine</li>
-<li>Hit 5 active rules → upgrade to Pro for unlimited</li>
-</ul>
-<a class="cta cta-free" href="/go/install?utm_source=pricing">Install free CLI →</a>
-</div>
-
-<div class="card">
-<span class="tag tag-pro">Pro — Self-serve recurring</span>
-<h2>ThumbGate Pro</h2>
-<div class="price">$19 <small>/ month</small> · $149 / year</div>
-<p class="tagline">For developers running multiple AI agents who hit the 5-rule wall. Unlimited prevention rules, local dashboard, DPO export for offline preference fine-tuning, lesson search across sessions.</p>
-<ul>
-<li>Unlimited active prevention rules</li>
-<li>Local dashboard + lesson recall</li>
-<li>7-day refund window. Cancel anytime.</li>
-</ul>
-<a class="cta cta-secondary" href="/go/pro?utm_source=pricing">Start Pro →</a>
-</div>
-
-<div class="card">
-<span class="tag tag-team">Team — After qualification</span>
-<h2>ThumbGate Team</h2>
-<div class="price">$49 <small>/ seat / month</small> · 3-seat min ($147/mo)</div>
-<p class="tagline">For engineering teams with shared AI-agent workflows. Shared lesson DB so one engineer's save protects the whole team, org-level policy rollout, audit-ready evidence.</p>
-<ul>
-<li>Shared prevention-rule policy across seats</li>
-<li>Self-serve checkout — no sales call required</li>
-<li>Most teams start with a Sprint first, then scale to seats</li>
-</ul>
-<a class="cta cta-secondary" href="/go/teams?utm_source=pricing">Start Team →</a>
-</div>
-
-</div>
-
-<div class="micro">
-<h2 style="text-align:center;font-size:20px;margin:0 0 4px;">Micro-purchases — pay for one piece</h2>
-<p style="text-align:center;color:#6b7280;font-size:14px;margin:0 0 8px;">For evaluators who want to validate one specific surface before subscribing.</p>
-<div class="micro-grid">
-<div class="micro-card">
-<div class="mp">$1</div>
-<div class="ml">First Failure Rule</div>
-<a href="https://buy.stripe.com/fZu28rfCY6zcbO99uj3sI2G">Pay $1 →</a>
-</div>
-<div class="micro-card">
-<div class="mp">$19</div>
-<div class="ml">AI Agent Failure Quick Read</div>
-<a href="https://buy.stripe.com/5kQ7sL76s1eSaK55e33sI2H">Pay $19 →</a>
-</div>
-<div class="micro-card">
-<div class="mp">$99</div>
-<div class="ml">Workflow Teardown</div>
-<a href="https://buy.stripe.com/8x214n2Qc4r44lHayn3sI2I">Pay $99 →</a>
-</div>
-</div>
-</div>
-
-<footer>
-<p>One source of truth for ThumbGate pricing. Numbers here override anything stale elsewhere on the site.</p>
-<p><a href="/">Home</a> · <a href="/case-studies">Case Studies</a> · <a href="/support">Support</a> · <a href="/privacy">Privacy</a> · <a href="/terms">Terms</a></p>
-</footer>
-</body></html>`, {}, {
-        headOnly: isHeadRequest,
-      });
+    if (isGetLikeRequest && (pathname === '/pricing' || pathname === '/pricing.html')) {
+      try {
+        servePublicMarketingPage({
+          req,
+          res,
+          parsed,
+          hostedConfig,
+          isHeadRequest,
+          renderHtml: loadPricingPageHtml,
+          extraTelemetry: {
+            pageType: 'pricing',
+          },
+        });
+      } catch (err) {
+        sendText(res, 500, err.message || 'Pricing page unavailable');
+      }
       return;
     }
 
+
     // Public support / contact page — required for Stripe Business → Public
     // details "Customer support URL" field. Single source of truth for how
     // customers reach us (email, GitHub issues, status page).
@@ -6423,6 +6678,11 @@ async function addContext(){
       }
 
       if (req.method === 'GET' && pathname === '/v1/lessons/search') {
+        const lessonLimit = checkLimit('search_lessons');
+        if (!lessonLimit.allowed) {
+          sendJson(res, 429, { error: 'Free tier: lesson search requires Pro. Upgrade at /pricing', code: 'PRO_REQUIRED' });
+          return;
+        }
         const query = parsed.searchParams.get('q') || parsed.searchParams.get('query') || '';
         const limit = Number(parsed.searchParams.get('limit') || 10);
         const category = parsed.searchParams.get('category') || '';
@@ -6442,6 +6702,11 @@ async function addContext(){
       }
 
       if (req.method === 'GET' && pathname === '/v1/search') {
+        const searchLimit = checkLimit('search_thumbgate');
+        if (!searchLimit.allowed) {
+          sendJson(res, 429, { error: 'Free tier: search requires Pro. Upgrade at /pricing', code: 'PRO_REQUIRED' });
+          return;
+        }
         const query = parsed.searchParams.get('q') || parsed.searchParams.get('query') || '';
         const limit = Number(parsed.searchParams.get('limit') || 10);
         const source = parsed.searchParams.get('source') || 'all';
@@ -6462,6 +6727,11 @@ async function addContext(){
       }
 
       if (req.method === 'POST' && pathname === '/v1/search') {
+        const searchLimit = checkLimit('search_thumbgate');
+        if (!searchLimit.allowed) {
+          sendJson(res, 429, { error: 'Free tier: search requires Pro. Upgrade at /pricing', code: 'PRO_REQUIRED' });
+          return;
+        }
         const body = await parseJsonBody(req);
         let results;
         try {
@@ -6625,6 +6895,11 @@ async function addContext(){
       }
 
       if (req.method === 'POST' && pathname === '/v1/dpo/export') {
+        const dpoLimit = checkLimit('export_dpo');
+        if (!dpoLimit.allowed) {
+          sendJson(res, 429, { error: 'Free tier: DPO export requires Pro. Upgrade at /pricing', code: 'PRO_REQUIRED' });
+          return;
+        }
         const body = await parseJsonBody(req);
         const paths = resolveDpoExportPaths(body, {
           safeDataDir: requestSafeDataDir,
@@ -7107,7 +7382,7 @@ async function addContext(){
             type: err && err.statusCode === 404 ? PROBLEM_TYPES.NOT_FOUND : PROBLEM_TYPES.BAD_REQUEST,
             title: err && err.statusCode === 404 ? 'Lead Not Found' : 'Request Error',
             status: err && err.statusCode ? err.statusCode : 400,
-            detail: err && err.message ? err.message : 'Unable to advance workflow sprint lead.',
+            detail: err?.message ? err.message : 'Unable to advance workflow sprint lead.',
           });
         }
         return;
@@ -7256,7 +7531,7 @@ async function addContext(){
             type: PROBLEM_TYPES.INVALID_REQUEST,
             title: 'Invalid render spec request',
             status: 400,
-            detail: err && err.message ? err.message : 'Unable to build dashboard render spec.',
+            detail: err?.message ? err.message : 'Unable to build dashboard render spec.',
           });
         }
         return;