thumbgate 1.20.0 → 1.21.0

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.20.0",
+  "version": "1.21.0",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -8,47 +8,75 @@
   "plugins": [
     {
       "name": "thumbgate",
-      "description": "Type 👍 or 👎 on any agent action. ThumbGate captures it, distills a lesson, and blocks the pattern from repeating. One thumbs-down = the agent physically cannot make that mistake again. 33 pre-action checks, budget enforcement, self-protection, and NIST/SOC2 compliance tags.",
+      "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
+      "longDescription": "ThumbGate is a tripwire, not a memory layer. When you thumbs-down an agent action — a force-push that overwrote a teammate's commit, a destructive SQL drop, a refactor you already rejected — ThumbGate captures the pattern, distills a one-sentence lesson, and installs it as a PreToolUse block. The next time the agent reaches for the same tool call shape, the hook fires before execution and Claude sees your own words back as the reason.\n\nThe enforcement lives in the hook, not in the model's context, so the agent cannot bypass it by forgetting, by being prompted around it, or by switching sessions. Same rule works in Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, and OpenCode.\n\n33 pre-action checks shipped (force-push, destructive SQL, mass-delete, npm publish from wrong branch, deploy without verification). Budget enforcement (action count + time limits) prevents runaway agent sessions. NIST / SOC2 / OWASP / CWE compliance tags on every rule for enterprise teams. DPO training-pair export for teams running their own fine-tunes.\n\nFree tier: unlimited local rules, fully offline. Pro ($19/mo): cloud sync across team, dashboard, audit export.",
       "source": {
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.20.0",
+      "version": "1.21.0",
       "author": {
-        "name": "Igor Ganapolsky"
+        "name": "Igor Ganapolsky",
+        "email": "ig5973700@gmail.com",
+        "url": "https://thumbgate.ai"
       },
       "homepage": "https://thumbgate-production.up.railway.app",
       "repository": "https://github.com/IgorGanapolsky/ThumbGate",
       "license": "MIT",
       "category": "developer-tools",
       "tags": [
-        "pre-action-checks",
-        "ai-agent-safety",
-        "mcp",
-        "memory",
+        "guardrails",
+        "pretooluse",
+        "hooks",
+        "feedback",
+        "rlhf",
+        "dpo",
+        "agent-safety",
         "workflow-hardening"
       ],
       "keywords": [
+        "guardrails",
+        "pretooluse",
+        "hooks",
+        "feedback",
+        "rlhf",
+        "dpo",
+        "agent-safety",
+        "workflow-hardening",
         "claude-desktop",
         "desktop-extension",
         "pre-action-checks",
         "ai-agent-safety",
         "mcp",
-        "memory",
-        "workflow-hardening"
+        "memory"
       ],
+      "capabilities": {
+        "skills": 2,
+        "commands": 5,
+        "agents": 1,
+        "hooks": 3,
+        "mcpServer": "thumbgate serve"
+      },
+      "installCommand": "/plugin install thumbgate@claude-plugins-official",
       "metadata": {
         "author": "Igor Ganapolsky",
         "homepage": "https://thumbgate-production.up.railway.app",
         "license": "MIT",
         "keywords": [
+          "guardrails",
+          "pretooluse",
+          "hooks",
+          "feedback",
+          "rlhf",
+          "dpo",
+          "agent-safety",
+          "workflow-hardening",
           "claude-desktop",
           "desktop-extension",
           "pre-action-checks",
           "ai-agent-safety",
           "mcp",
-          "memory",
-          "workflow-hardening"
+          "memory"
         ],
         "category": "developer-tools"
       }

package/.claude-plugin/plugin.json

@@ -1,22 +1,31 @@
 {
   "name": "thumbgate",
-  "description": "Type 👍 or 👎 on any agent action. ThumbGate captures it, distills a lesson, and blocks the pattern from repeating. One thumbs-down = the agent physically cannot make that mistake again. 33 pre-action checks, budget enforcement, self-protection, and NIST/SOC2 compliance tags.",
-  "version": "1.20.0",
+  "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
+  "version": "1.21.0",
   "author": {
-    "name": "Igor Ganapolsky"
+    "name": "Igor Ganapolsky",
+    "email": "ig5973700@gmail.com",
+    "url": "https://thumbgate.ai"
   },
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": "https://github.com/IgorGanapolsky/ThumbGate",
   "license": "MIT",
+  "category": "developer-tools",
   "keywords": [
+    "guardrails",
+    "pretooluse",
+    "hooks",
+    "feedback",
+    "rlhf",
+    "dpo",
+    "agent-safety",
+    "workflow-hardening",
     "claude-desktop",
     "desktop-extension",
     "mcp",
     "pre-action-checks",
     "ai-agent-safety",
-    "memory",
-    "guardrails",
-    "workflow-hardening"
+    "memory"
   ],
   "skills": "./skills/",
   "mcpServers": {

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.20.0",
+  "version": "1.21.0",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "transport": "stdio",

package/README.md

@@ -6,17 +6,23 @@
   </a>
 </p>
 
-**Your AI coding bill has a leak.**
+**AI agents repeat mistakes. You pay for every retry.**
 
-**Stop paying for the same AI mistake twice.**
+ThumbGate remembers what went wrong and permanently blocks it before it happens again. One thumbs-down becomes a prevention rule that fires across every session, every agent, every model — before a single token is spent on the repeat.
 
-Every retry loop, every hallucinated import, every *"let me try a different approach"* — those are billable tokens on every LLM vendor's bill. Thumbs-down once; ThumbGate blocks that exact mistake on every future call. Across Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode — any MCP-compatible agent, forever.
-
-Under the hood: your thumbs-down becomes one of your **Pre-Action Checks** that physically blocks the pattern **permanently** on every future call — across every session, every model, every agent. It is **self-improving agent governance**: every correction promotes a fresh prevention rule, and your library of prevention rules grows stronger with every lesson. Works with Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode, and any MCP-compatible agent. The monthly Anthropic / OpenAI bill stops paying for the same lesson over and over — local-first enforcement, zero tokens spent on repeats.
+```
+  Agent tries:   rm -rf tests/
+  ThumbGate:     ⛔ BLOCKED — "Never delete test directories"
+                 Pattern matched: rm.*-rf.*tests
+                 Source: your thumbs-down from last Tuesday
+                 Tokens spent on this repeat: 0
+```
 
-> **Prevent expensive AI mistakes. Make AI stop repeating mistakes. Turn a smart assistant into a reliable operator.**
+```bash
+npx thumbgate init   # auto-detects your agent, wires hooks, 30 seconds
+```
 
-> **Mission:** make AI coding affordable by making sure you never pay for the same mistake twice.
+Works with **Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode** and any MCP-compatible agent. Free tier: 5 active prevention rules. [Pro: $19/mo](https://thumbgate-production.up.railway.app/checkout/pro?utm_source=github&utm_medium=readme) — unlimited rules, dashboard, DPO export.
 
 [![CI](https://github.com/IgorGanapolsky/ThumbGate/actions/workflows/ci.yml/badge.svg)](https://github.com/IgorGanapolsky/ThumbGate/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/thumbgate)](https://www.npmjs.com/package/thumbgate)
@@ -48,7 +54,7 @@ If someone is not already bought into ThumbGate, do not lead with architecture.
 
 1. **Show the pain:** open the **[ThumbGate GPT](https://thumbgate-production.up.railway.app/go/gpt?utm_source=github&utm_medium=readme&utm_campaign=first_dollar_activation&cta_id=readme_first_dollar_open_gpt&cta_placement=readme_first_dollar)** and paste the bad answer, risky command, deploy, PR action, or agent plan before it runs again.
 2. **Capture the lesson:** type `thumbs down:` or `thumbs up:` with one concrete sentence. Native ChatGPT rating buttons are not the ThumbGate capture path; typed feedback is.
-3. **Enforce the repeat:** run `npx thumbgate init` where the agent executes so the lesson can become a Pre-Action Check instead of another reminder.
+3. **Enforce the repeat:** run `npx thumbgate init` where the agent executes so the lesson can become one of your Pre-Action Checks instead of another reminder.
 4. **Upgrade only after proof:** Solo Pro is for the dashboard, DPO export, proof-ready evidence, and higher capture limits after one real blocked repeat. Team starts with the Workflow Hardening Sprint around one repeated failure, one owner, and one proof review.
 
 The buying question is simple: **what repeated AI mistake would be worth blocking before the next tool call?**
@@ -179,6 +185,19 @@ Each recommendation ships with the benchmark commands to run next: feedback-deri
 
 Works with **Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode**, and any MCP-compatible agent. Migrating from Roo Code (sunsetting 2026-05-15)? See [`adapters/cline/INSTALL.md`](./adapters/cline/INSTALL.md).
 
+### Install scope: machine-wide vs per-project
+
+ThumbGate supports two install scopes. Pick once when you install — you can switch later by re-running with the other flag.
+
+| Scope | Command | Settings file | Lesson DB + dashboard live in | When to use |
+|-------|---------|---------------|--------------------------------|-------------|
+| **Machine-wide** (default) | `npx thumbgate init` | `~/.claude/settings.json` | `~/.claude/memory/feedback/` | Solo dev — **one shared dashboard across every repo on this machine**. A lesson learned in `repo-A` blocks the same mistake in `repo-B` automatically. |
+| **Per-project** | `npx thumbgate init --project` (in the repo root) | `<repo>/.claude/settings.json` | `<repo>/.claude/memory/feedback/` | Client work, compliance, or multi-tenant — **separate dashboard per repo**, lessons stay isolated, audit trail belongs to the repo. |
+
+Both scopes write `mcpServers.thumbgate` + the PreToolUse / UserPromptSubmit / PostToolUse / SessionStart hooks; the only difference is *where*. Machine-wide is the right default for most developers. Switch to `--project` only when you have a reason to keep lessons from bleeding between repos.
+
+> Per-project lesson DBs live under each repo's `.claude/memory/feedback/` and **must stay gitignored** — they're a runtime store, not source. ThumbGate's bundled `.gitignore` template handles this.
+
 ### Status bar proof
 
 ![Claude Code ThumbGate footer](public/assets/claude-thumbgate-statusbar.svg)
@@ -447,6 +466,7 @@ Pro ($19/mo or $149/yr) removes the rule cap and adds history-aware lesson recal
 - [**ThumbGate for Federal Agencies**](docs/FEDERAL.md) — pilot-ready posture, NIST 800-53 control mapping, OMB M-24-10 / EO 14110 alignment, ThumbGate-Core gov deployment mode, public/Core boundary invariants. Landing page: [thumbgate.ai/federal](https://thumbgate-production.up.railway.app/federal).
 - [First Dollar Playbook](docs/FIRST_DOLLAR_PLAYBOOK.md) — turning one painful workflow into the next booked pilot
 - [Commercial Truth](docs/COMMERCIAL_TRUTH.md) — pricing, claims, what we don't say
+- [Goal Contracts](docs/GOAL_CONTRACTS.md) — evidence-before-done contracts for multi-agent handoffs
 - [Changeset Strategy](docs/CHANGESET_STRATEGY.md) — release notes and version bump enforcement
 - [Release Confidence](docs/RELEASE_CONFIDENCE.md) — changesets, version checks, proof lanes
 - [Verification Evidence](docs/VERIFICATION_EVIDENCE.md) — proof artifacts

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.20.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.21.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.20.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.21.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -216,7 +216,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.20.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.21.0' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -848,12 +848,12 @@ async function callToolInner(name, args) {
       });
     }
     case 'verify_claim':
-      return toTextResult(verifyClaimEvidence(args.claim));
+      return toTextResult(verifyClaimEvidence(args.claim, { goalContract: args.goalContract }));
     case 'require_evidence_for_claim': {
       if (!args.claim || typeof args.claim !== 'string') {
         throw new Error('claim is required and must be a string');
       }
-      const verification = verifyClaimEvidence(args.claim);
+      const verification = verifyClaimEvidence(args.claim, { goalContract: args.goalContract });
       const mode = args.mode === 'advisory' ? 'advisory' : 'blocking';
       const hasMatchingChecks = Array.isArray(verification.checks) && verification.checks.length > 0;
       const evidenceMissing = hasMatchingChecks && !verification.verified;
@@ -865,9 +865,18 @@ async function callToolInner(name, args) {
         const { recordAuditEvent } = require('../../scripts/audit-trail');
         recordAuditEvent({
           toolName: 'require_evidence_for_claim',
-          toolInput: { claim: args.claim, mode, sessionId: args.sessionId || null },
+          toolInput: {
+            claim: args.claim,
+            mode,
+            sessionId: args.sessionId || null,
+            goalContract: verification.goalContract && verification.goalContract.matched
+              ? verification.goalContract
+              : null,
+          },
           decision: blocking ? 'deny' : 'allow',
-          gateId: 'completion_claim',
+          gateId: verification.goalContract && verification.goalContract.matched
+            ? 'completion_goal_contract'
+            : 'completion_claim',
           message: blocking
             ? `Completion claim blocked — missing evidence: ${missingActions.join(', ') || 'unknown'}`
             : `Completion claim verified (${verification.verified ? 'evidence present' : 'no matching gate'})`,
@@ -882,6 +891,7 @@ async function callToolInner(name, args) {
         matchedChecks: hasMatchingChecks,
         missingActions,
         checks: verification.checks,
+        goalContract: verification.goalContract,
         sessionId: args.sessionId || null,
       });
     }

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.20.0",
+        "thumbgate@1.21.0",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -851,6 +851,12 @@ function capture() {
     process.exit(1);
   }
 
+  const gateAction = (args.action || '').toLowerCase();
+  if (gateAction && !['block', 'approve', 'warn'].includes(gateAction)) {
+    console.error('Unrecognized --action. Use: block (default), approve, or warn');
+    process.exit(1);
+  }
+
   const result = captureFeedback({
     signal: normalized,
     context: args.context || '',
@@ -858,6 +864,7 @@ function capture() {
     whatToChange: args['what-to-change'],
     whatWorked: args['what-worked'],
     tags: args.tags,
+    gateAction: gateAction || undefined,
   });
 
   if (result.accepted) {
@@ -2326,6 +2333,7 @@ function help() {
     console.log('  dashboard                                         Open the local ThumbGate dashboard');
     console.log('  doctor                                            Audit runtime isolation + bootstrap context');
     console.log('  pro                                               ThumbGate Pro (dashboard, exports, sync)');
+    console.log('  subscribe <email>                                 Get the 5-min setup guide + weekly tips by email');
     console.log('');
     console.log('More:');
     console.log('  thumbgate help all     Full subcommand surface (~70 commands)');
@@ -2371,7 +2379,10 @@ function help() {
 
   // Legacy and specialist commands kept visible until they graduate into the schema.
   console.log('Also available:');
-  console.log('  install-mcp           Install MCP server into Claude Code settings (--project for local)');
+  console.log('  install-mcp           Install MCP server + PreToolUse hooks into Claude Code settings');
+  console.log('                            default: machine-wide  (~/.claude/settings.json — shared dashboard)');
+  console.log('                            --project: per-repo    (<cwd>/.claude/settings.json — isolated dashboard)');
+  console.log('                            --no-hooks: MCP only, skip hook wiring');
   console.log('  cfo                   Hosted billing summary (local fallback JSON)');
   console.log('  billing:setup         Generate operator key + print Railway setup instructions');
   console.log('  repair-github-marketplace  Repair legacy GitHub Marketplace amount mappings');
@@ -2870,6 +2881,86 @@ switch (COMMAND) {
   case 'compact':
     compact();
     break;
+  case 'subscribe': {
+    // Capture an installer's email so we can send the 5-minute setup
+    // guide + weekly tips. Drops to /v1/marketing/install-email on the
+    // hosted endpoint; the server fires sendNewsletterWelcomeEmail via
+    // Resend and persists the address for follow-up.
+    //
+    // Usage:
+    //   npx thumbgate subscribe you@company.com
+    //   npx thumbgate subscribe --email=you@company.com
+    //
+    // Never prompts interactively — postinstall must stay non-interactive
+    // for CI safety. This is the deliberate opt-in path the banner points
+    // at; if the operator runs it, they want the email.
+    const args = process.argv.slice(3);
+    let email = '';
+    for (const arg of args) {
+      if (arg.startsWith('--email=')) email = arg.slice('--email='.length).trim();
+      else if (!arg.startsWith('--')) email = arg.trim();
+    }
+    if (!email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+      console.error('Usage: npx thumbgate subscribe <email>');
+      console.error('       npx thumbgate subscribe --email=you@company.com');
+      console.error('');
+      console.error('We send a 5-minute setup guide + weekly tips. One-click unsubscribe.');
+      process.exit(1);
+    }
+    const endpoint = process.env.THUMBGATE_INSTALL_EMAIL_ENDPOINT
+      || 'https://thumbgate.ai/v1/marketing/install-email';
+    const payload = JSON.stringify({
+      email,
+      source: 'cli_subscribe',
+      installId: (() => {
+        try {
+          const configPath = path.join(CWD, '.thumbgate', 'config.json');
+          if (!fs.existsSync(configPath)) return null;
+          return (JSON.parse(fs.readFileSync(configPath, 'utf8')).installId) || null;
+        } catch { return null; }
+      })(),
+      cliVersion: pkgVersion(),
+    });
+    const url = new URL(endpoint);
+    const transport = url.protocol === 'https:' ? require('node:https') : require('node:http');
+    const req = transport.request({
+      method: 'POST',
+      hostname: url.hostname,
+      port: url.port || (url.protocol === 'https:' ? 443 : 80),
+      path: url.pathname + url.search,
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(payload),
+        'User-Agent': `thumbgate-cli/${pkgVersion()}`,
+      },
+      timeout: 8000,
+    }, (res) => {
+      let body = '';
+      res.on('data', (chunk) => { body += chunk; });
+      res.on('end', () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          console.log(`✓ Subscribed ${email}.`);
+          console.log('  Check your inbox in ~30 seconds for the setup guide.');
+          console.log('  Unsubscribe link is in every email.');
+          process.exit(0);
+        } else {
+          console.error(`✗ Subscribe failed: HTTP ${res.statusCode}${body ? ` — ${body.slice(0, 200)}` : ''}`);
+          process.exit(2);
+        }
+      });
+    });
+    req.on('error', (err) => {
+      console.error(`✗ Subscribe failed: ${err.message}`);
+      console.error('  Network issue? Try again, or email igor.ganapolsky@gmail.com directly.');
+      process.exit(3);
+    });
+    req.on('timeout', () => {
+      req.destroy(new Error('timeout after 8000ms'));
+    });
+    req.write(payload);
+    req.end();
+    break;
+  }
   case 'checkin': {
     // User check-in command — asks how it's going after install
     const thumbgateDir = path.join(CWD, '.thumbgate');

package/bin/postinstall.js

@@ -22,29 +22,35 @@ const {
 // This captures UTM attribution in our funnel before handing off to Stripe.
 const PRO_CTA_URL = 'https://thumbgate.ai/go/pro?utm_source=npm&utm_medium=postinstall&utm_campaign=first_dollar';
 const WORKFLOW_SPRINT_URL = 'https://thumbgate.ai/#workflow-sprint-intake';
+const DASHBOARD_URL = 'https://thumbgate.ai/dashboard?utm_source=npm&utm_medium=postinstall&utm_campaign=dashboard_nudge';
 
 process.stderr.write(`
   ╭─────────────────────────────────────────────────────╮
-  │  ThumbGate installed.                               │
+  │  ThumbGate installed — 14-day Pro trial active.     │
   │                                                     │
-  │  Every repeat-mistake your agent makes costs        │
-  │  tokens. ThumbGate blocks known-bad tool calls      │
-  │  BEFORE the model sees them — zero tokens spent     │
-  │  on mistakes you've already corrected.              │
+  │  Every feature unlocked. No limits. No card needed. │
+  │  After 14 days, you keep the free tier (5 rules,    │
+  │  unlimited captures) or upgrade to keep Pro.        │
   │                                                     │
-  │  Start free:                                        │
+  │  Start now:                                         │
   │    npx thumbgate init                               │
   │    npx thumbgate stats                              │
+  │                                                     │
+  │  Get the 5-min setup guide + weekly tips:           │
+  │    npx thumbgate subscribe you@company.com          │
+  │                                                     │
+  │  See your gates firing live:                        │
+  │    ${DASHBOARD_URL.slice(0, 47).padEnd(47, ' ')} │
   ╰─────────────────────────────────────────────────────╯
 
-  Pro — ${PRO_PRICE_LABEL}
-    personal local dashboard, DPO export
-    Upgrade: ${PRO_CTA_URL}
-    Direct:  ${PRO_MONTHLY_PAYMENT_LINK}
+  Your 14-day Pro trial includes:
+    Unlimited prevention rules (free caps at 5)
+    Lesson search + recall across sessions
+    DPO export for preference fine-tuning
+    Hosted dashboard — no self-hosting needed
 
-  Team: ${TEAM_PRICE_LABEL}
-    Workflow Hardening Sprint intake:
-    ${WORKFLOW_SPRINT_URL}
+  After the trial: ${PRO_PRICE_LABEL}
+    Upgrade: ${PRO_CTA_URL}
 
   Or run: npx thumbgate pro
 

package/config/merge-quality-checks.json

@@ -4,7 +4,6 @@
     "CodeQL",
     "Analyze JavaScript (javascript-typescript)",
     "Verify changeset",
-    "SonarCloud Code Analysis",
     "GitGuardian Security Checks",
     "Socket Security: Project Report",
     "Socket Security: Pull Request Alerts"

package/config/post-deploy-marketing-pages.json

@@ -0,0 +1,46 @@
+{
+  "$comment": "Sentinel manifest for post-deploy verification of top-level marketing pages. Each entry is curled against the live production URL after every push to main; if the sentinel string is missing from the response body, the deploy is flagged as broken and the workflow comments on the associated PR. Adding a new top-level marketing page? Add it here so the deploy-verify workflow catches a route regression before a real visitor does. Keep sentinel strings short and stable (visible body copy, not styling classes or hashed assets).",
+  "version": 1,
+  "pages": [
+    {
+      "route": "/",
+      "sentinel": "Stop paying for the same AI mistake twice",
+      "description": "Home page hero (lifeblood — never regress)"
+    },
+    {
+      "route": "/pro",
+      "sentinel": "ThumbGate Pro",
+      "description": "Pro landing page"
+    },
+    {
+      "route": "/dashboard",
+      "sentinel": "ThumbGate Dashboard",
+      "description": "Dashboard demo (already enforced by /dashboard step; included here for symmetry with PR comment surface)"
+    },
+    {
+      "route": "/federal",
+      "sentinel": "ThumbGate",
+      "description": "Federal lead-gen page (SBIR / GSA arrivals)"
+    },
+    {
+      "route": "/numbers",
+      "sentinel": "ThumbGate",
+      "description": "First-party numbers / data transparency page"
+    },
+    {
+      "route": "/llm-context.md",
+      "sentinel": "## What ThumbGate Is",
+      "description": "Canonical declarative summary AI crawlers read"
+    },
+    {
+      "route": "/robots.txt",
+      "sentinel": "User-agent",
+      "description": "Crawl directives (mandatory per Google's 2026-05-15 AI features guide)"
+    },
+    {
+      "route": "/sitemap.xml",
+      "sentinel": "<urlset",
+      "description": "XML sitemap for search-engine discoverability"
+    }
+  ]
+}