thumbgate 1.21.1 → 1.22.0

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.21.1",
+  "version": "1.22.0",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -14,7 +14,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.21.1",
+      "version": "1.22.0",
       "author": {
         "name": "Igor Ganapolsky",
         "email": "ig5973700@gmail.com",

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
-  "version": "1.21.1",
+  "version": "1.22.0",
   "author": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com",

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.21.1",
+  "version": "1.22.0",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "transport": "stdio",

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.21.1", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.22.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.21.1", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.22.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -216,7 +216,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.21.1' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.22.0' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -368,6 +368,111 @@ function buildRecallResponse(args = {}) {
   return toTextResult(text);
 }
 
+function buildSuggestFixResponse(args = {}) {
+  const context = String(args.context || '').trim();
+  const rawLimit = Number(args.limit);
+  const limit = Number.isFinite(rawLimit) && rawLimit > 0 ? Math.min(rawLimit, 5) : 3;
+
+  // If no context provided, return generic suggestion
+  if (!context) {
+    return toTextResult({
+      suggestions: [
+        {
+          action: 'Capture feedback about what went wrong so ThumbGate can learn and prevent recurrence.',
+          source: 'generic',
+        },
+      ],
+      query: '',
+      totalFound: 0,
+    });
+  }
+
+  // Search lessons via lesson-search module
+  const lessonModule = loadPrivateMcpModule('lessonSearch');
+  let lessonActions = [];
+  if (lessonModule) {
+    try {
+      const searchResult = lessonModule.searchLessons(context, { limit: 10 });
+      const results = Array.isArray(searchResult && searchResult.results) ? searchResult.results : [];
+      for (const result of results) {
+        const correctiveActions = (result.systemResponse && Array.isArray(result.systemResponse.correctiveActions))
+          ? result.systemResponse.correctiveActions
+          : [];
+        for (const action of correctiveActions) {
+          const text = String(action.text || '').trim();
+          if (text) {
+            lessonActions.push({
+              action: text,
+              source: action.source || `lesson:${result.id || 'unknown'}`,
+              score: result.score || 0,
+            });
+          }
+        }
+        // Also pick up lesson-level howToAvoid / actionNeeded when no explicit correctiveActions
+        if (correctiveActions.length === 0 && result.lesson) {
+          const text = result.lesson.howToAvoid || result.lesson.actionNeeded || '';
+          if (text) {
+            lessonActions.push({
+              action: String(text).trim(),
+              source: `lesson:${result.id || 'unknown'}`,
+              score: result.score || 0,
+            });
+          }
+        }
+      }
+    } catch {
+      // lesson search failure is non-fatal
+    }
+  }
+
+  // Search prevention rules directly via lesson-search module's helper
+  let ruleActions = [];
+  try {
+    const { readPreventionRuleMatches } = require('../../scripts/lesson-search');
+    const ruleMatches = readPreventionRuleMatches(context, limit);
+    for (const rule of ruleMatches) {
+      const text = rule.summary || rule.title || '';
+      if (text) {
+        ruleActions.push({
+          action: String(text).trim(),
+          source: `rule:${String(rule.title || 'prevention_rules').trim()}`,
+          score: rule.score || 0,
+        });
+      }
+    }
+  } catch {
+    // rule search failure is non-fatal
+  }
+
+  // Merge, deduplicate, sort by score, and take top `limit`
+  const seen = new Set();
+  const all = [...lessonActions, ...ruleActions]
+    .filter((item) => {
+      if (!item.action) return false;
+      const key = item.action.toLowerCase();
+      if (seen.has(key)) return false;
+      seen.add(key);
+      return true;
+    })
+    .sort((a, b) => (b.score || 0) - (a.score || 0))
+    .slice(0, limit)
+    .map(({ action, source }) => ({ action, source }));
+
+  // If nothing matched, add generic fallback
+  if (all.length === 0) {
+    all.push({
+      action: 'No matching lessons or rules found. Capture feedback via capture_feedback so ThumbGate can learn from this failure.',
+      source: 'generic',
+    });
+  }
+
+  return toTextResult({
+    suggestions: all,
+    query: context,
+    totalFound: all.length,
+  });
+}
+
 function buildDiagnoseFailureResponse(args = {}) {
   let intentPlan = null;
   const requestedProfile = args.mcpProfile || getActiveMcpProfile();
@@ -579,6 +684,8 @@ async function callToolInner(name, args) {
         tags: Array.isArray(args.tags) ? args.tags : [],
       }));
     }
+    case 'suggest_fix':
+      return buildSuggestFixResponse(args);
     case 'retrieve_lessons': {
       // Cross-encoder reranking: retrieve more candidates, then rerank for precision
       const { retrieveWithRerankingSync } = loadOptionalModule(path.join(__dirname, '../../scripts/cross-encoder-reranker'), () => ({
@@ -1330,6 +1437,7 @@ module.exports = {
   acquireLock,
   toCaptureFeedbackTextResult,
   formatCorrectiveActionsReminder,
+  buildSuggestFixResponse,
   __test__: {
     PRIVATE_MCP_MODULES,
     loadPrivateMcpModule,

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.21.1",
+        "thumbgate@1.22.0",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -23,6 +23,7 @@
  *   npx thumbgate background-governance  # background-agent run report + risk check
  *   npx thumbgate cfo           # local operational billing summary
  *   npx thumbgate pro           # solo dashboard + exports side lane
+ *   npx thumbgate audit <file>  # audit an agent transcript for repeat-mistake token waste
  */
 
 'use strict';
@@ -40,13 +41,6 @@ const {
   resolveMcpEntry,
 } = require(path.join(__dirname, '..', 'scripts', 'mcp-config'));
 const { trackEvent } = require(path.join(__dirname, '..', 'scripts', 'cli-telemetry'));
-const {
-  cacheUpdateHookCommand,
-  preToolHookCommand,
-  sessionStartHookCommand,
-  statuslineCommand,
-  userPromptHookCommand,
-} = require(path.join(__dirname, '..', 'scripts', 'hook-runtime'));
 const {
   PRO_MONTHLY_PAYMENT_LINK,
   PRO_PRICE_LABEL,
@@ -395,84 +389,24 @@ function whichExists(cmd) {
 
 function setupClaude() {
   const mcpChanged = mergeMcpJson(path.join(CWD, '.mcp.json'), 'Claude Code', 'project');
+  const { wireHooks } = require(path.join(PKG_ROOT, 'scripts', 'auto-wire-hooks'));
+  const hookResult = wireHooks({ agent: 'claude-code' });
 
-  // Wire the canonical ThumbGate gate hooks (PreToolUse pre-action check,
-  // UserPromptSubmit, PostToolUse, SessionStart) through the shared wiring
-  // path so `init`, `init --agent claude-code`, and `install` all produce the
-  // same hook set. Before this, `install` shipped a Claude config with no
-  // PreToolUse gate — the core ThumbGate feature was silently missing.
-  let wireChanged = false;
-  try {
-    const { wireHooks } = require(path.join(PKG_ROOT, 'scripts', 'auto-wire-hooks'));
-    const wireResult = wireHooks({ agent: 'claude-code' });
-    if (wireResult.error) {
-      console.log(`  Claude Code: ${wireResult.error}`);
-    } else if (wireResult.changed) {
-      wireChanged = true;
-      const lifecycles = [...new Set(wireResult.added.map((h) => h.lifecycle))].join(', ');
-      console.log(`  Claude Code: wired gate hooks (${lifecycles})`);
-    }
-  } catch (err) {
-    console.log(`  Claude Code: hook wiring skipped (${err.message})`);
-  }
-
-  // Upsert Stop hook into .claude/settings.json for autonomous self-scoring
-  const settingsPath = path.join(CWD, '.claude', 'settings.json');
-  const stopHookCommand = 'bash scripts/hook-stop-self-score.sh';
-
-  let settings = { hooks: {} };
-  if (fs.existsSync(settingsPath)) {
-    try { settings = JSON.parse(fs.readFileSync(settingsPath, 'utf8')); } catch (_) { /* fresh */ }
-  }
-  settings.hooks = settings.hooks || {};
-
-  const stopAlreadyPresent = (settings.hooks.Stop || [])
-    .some(entry => (entry.hooks || []).some(h => h.command === stopHookCommand));
-
-  let hooksChanged = false;
-  if (!stopAlreadyPresent) {
-    settings.hooks.Stop = settings.hooks.Stop || [];
-    settings.hooks.Stop.push({ hooks: [{ type: 'command', command: stopHookCommand }] });
-    hooksChanged = true;
-    console.log('  Claude Code: installed Stop hook');
+  if (hookResult.error) {
+    console.log(`  Claude Code hooks: ${hookResult.error}`);
+    return mcpChanged;
   }
 
-  // Upsert PostToolUse hook for ThumbGate statusline cache updates
-  const cacheHookCommand = cacheUpdateHookCommand();
-  const originalPostToolUseCount = (settings.hooks.PostToolUse || []).length;
-  settings.hooks.PostToolUse = (settings.hooks.PostToolUse || []).filter(
-    (entry) => !(entry.hooks || []).some((h) => h.command && h.command !== cacheHookCommand && /(hook-thumbgate-cache-updater|cache-update\b)/.test(h.command))
-  );
-  if (settings.hooks.PostToolUse.length !== originalPostToolUseCount) {
-    hooksChanged = true;
-  }
-  const cacheAlreadyPresent = (settings.hooks.PostToolUse || [])
-    .some(entry => (entry.hooks || []).some(h => h.command === cacheHookCommand || (h.command && h.command.includes('cache-update'))));
-
-  if (!cacheAlreadyPresent) {
-    settings.hooks.PostToolUse = settings.hooks.PostToolUse || [];
-    settings.hooks.PostToolUse.push({
-      matcher: 'mcp__thumbgate__feedback_stats|mcp__thumbgate__dashboard',
-      hooks: [{ type: 'command', command: cacheHookCommand }]
-    });
-    hooksChanged = true;
-    console.log('  Claude Code: installed ThumbGate cache updater hook');
-  }
-
-  // Upsert statusLine for ThumbGate feedback display
-  const statuslineScript = statuslineCommand();
-  if (!settings.statusLine || settings.statusLine.command !== statuslineScript) {
-    settings.statusLine = { type: 'command', command: statuslineScript };
-    hooksChanged = true;
-    console.log('  Claude Code: installed ThumbGate status line');
-  }
-
-  if (hooksChanged) {
-    fs.mkdirSync(path.dirname(settingsPath), { recursive: true });
-    fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2) + '\n');
+  if (!hookResult.changed) {
+    console.log(`  Claude Code hooks: already configured at ${hookResult.settingsPath}`);
+  } else {
+    for (const h of hookResult.added) {
+      console.log(`  Claude Code: wired ${h.lifecycle} hook`);
+    }
+    console.log(`  Claude Code settings: ${hookResult.settingsPath}`);
   }
 
-  return mcpChanged || hooksChanged || wireChanged;
+  return mcpChanged || hookResult.changed;
 }
 
 function setupCodex() {
@@ -744,7 +678,11 @@ function init(cliArgs = parseArgs(process.argv.slice(3))) {
   let configured = 0;
 
   const platforms = [
-    { name: 'Claude Code', detect: [() => whichExists('claude'), () => fs.existsSync(path.join(HOME, '.claude'))], setup: setupClaude },
+    { name: 'Claude Code', detect: [
+      () => whichExists('claude'),
+      () => fs.existsSync(path.join(HOME, '.claude')),
+      () => fs.existsSync(path.join(CWD, '.claude')),
+    ], setup: setupClaude },
     { name: 'Codex', detect: [() => whichExists('codex'), () => fs.existsSync(path.join(HOME, '.codex'))], setup: setupCodex },
     { name: 'Gemini', detect: [() => whichExists('gemini'), () => fs.existsSync(path.join(HOME, '.gemini'))], setup: setupGemini },
     { name: 'Amp', detect: [() => whichExists('amp'), () => fs.existsSync(path.join(HOME, '.amp'))], setup: setupAmp },
@@ -940,7 +878,14 @@ function stats() {
   const { analyzeFeedback } = require(path.join(PKG_ROOT, 'scripts', 'feedback-loop'));
   const data = analyzeFeedback();
 
+  // Gate enforcement stats — runtime intercepts + configured gates
+  let gateData = { blocked: 0, warned: 0, passed: 0, byGate: {} };
+  try { gateData = require(path.join(PKG_ROOT, 'scripts', 'gates-engine')).loadStats(); } catch {}
+  let gateConfigData = { totalGates: 0, autoPromotedGates: 0, estimatedHoursSaved: '0.0', topBlocked: null, firstTimeFixRate: null };
+  try { gateConfigData = require(path.join(PKG_ROOT, 'scripts', 'gate-stats')).calculateStats(); } catch {}
+
   const avgCostOfMistake = 2.50;
+  const totalInterceptions = gateData.blocked + gateData.warned;
   const payload = {
     total: data.total,
     positives: data.totalPositive,
@@ -950,6 +895,13 @@ function stats() {
     revenueAtRisk: Number((data.totalNegative * avgCostOfMistake).toFixed(2)),
     topTags: data.topTags || [],
     recentActivity: data.recentActivity || [],
+    gatesBlocked: gateData.blocked,
+    gatesWarned: gateData.warned,
+    totalGates: gateConfigData.totalGates,
+    autoPromotedGates: gateConfigData.autoPromotedGates,
+    estimatedHoursSaved: gateConfigData.estimatedHoursSaved,
+    topBlockedGate: gateConfigData.topBlocked ? gateConfigData.topBlocked.id : null,
+    firstTimeFixRate: gateConfigData.firstTimeFixRate,
   };
 
   if (args.json) {
@@ -963,6 +915,18 @@ function stats() {
   console.log(`  Approval Rate   : ${payload.approvalRate}%`);
   console.log(`  Recent Trend    : ${payload.recentTrend}%`);
 
+  // Gate enforcement — the high-ROI section
+  if (totalInterceptions > 0 || payload.totalGates > 0) {
+    console.log('\n🛡️  PRE-ACTION GATE ENFORCEMENT');
+    console.log(`  Actions blocked : ${payload.gatesBlocked}`);
+    console.log(`  Actions warned  : ${payload.gatesWarned}`);
+    console.log(`  Active gates    : ${payload.totalGates} (${payload.autoPromotedGates} auto-promoted)`);
+    if (payload.topBlockedGate) console.log(`  Top blocker     : ${payload.topBlockedGate}`);
+    console.log(`  Est. time saved : ~${payload.estimatedHoursSaved} hours`);
+    const { formatFirstTimeFixRate } = require(path.join(PKG_ROOT, 'scripts', 'gate-stats'));
+    console.log(`  First-time fix  : ${formatFirstTimeFixRate(payload.firstTimeFixRate)}`);
+  }
+
   if (payload.negatives > 0) {
     console.log('\n⚠️  REVENUE-AT-RISK ANALYSIS');
     console.log(`  Repeated Failures detected: ${payload.negatives}`);
@@ -1746,6 +1710,25 @@ function gateStats() {
   console.log('\n' + formatStats(stats) + '\n');
 }
 
+function contextPacks() {
+  const args = parseArgs(process.argv.slice(3));
+  const { generateAutoContextPacks } = require(path.join(PKG_ROOT, 'scripts', 'auto-context-packs'));
+  const result = generateAutoContextPacks();
+  if (args.json) {
+    console.log(JSON.stringify(result, null, 2));
+    return;
+  }
+  console.log(`\nGenerated ${result.packCount} context pack(s):`);
+  for (const p of result.packs) {
+    console.log(`  [${p.type}] ${p.name}`);
+    console.log(`    -> ${p.filePath}`);
+  }
+  if (result.packCount === 0) {
+    console.log('  (No failure patterns found yet — capture some feedback first.)');
+  }
+  console.log('');
+}
+
 function harnessAudit() {
   const args = parseArgs(process.argv.slice(3));
   const {
@@ -2548,6 +2531,11 @@ switch (COMMAND) {
   case 'search-lessons':
     lessons();
     break;
+  case 'notes': {
+    const { cli: notesCli } = require(path.join(PKG_ROOT, 'scripts', 'implementation-notes'));
+    notesCli(process.argv.slice(3));
+    break;
+  }
   case 'lesson-health':
   case 'stale': {
     const { initDB } = require(path.join(PKG_ROOT, 'scripts', 'lesson-db'));
@@ -2689,6 +2677,9 @@ switch (COMMAND) {
   case 'rules':
     rules();
     break;
+  case 'context-packs':
+    contextPacks();
+    break;
   case 'harness-audit':
   case 'harness':
     harnessAudit();
@@ -2884,6 +2875,29 @@ switch (COMMAND) {
     }
     break;
   }
+  case 'audit': {
+    const auditFile = process.argv[3];
+    if (!auditFile) {
+      console.error('Usage: npx thumbgate audit <path-to-transcript.txt>');
+      process.exit(1);
+    }
+    const { runAudit } = require(path.join(PKG_ROOT, 'scripts', 'audit'));
+    const { results, totalWaste, error } = runAudit(auditFile);
+    if (error) {
+      console.error(error);
+      process.exit(1);
+    }
+    console.log('\n🔍 AI Bill Audit Results\n');
+    if (results.length === 0) {
+      console.log('✅ No repeat-offender patterns found. Your sessions are efficient!');
+    } else {
+      console.table(results);
+      console.log('\n💰 Total estimated monthly waste: $' + totalWaste);
+      console.log('\nBlock these mistakes permanently with ThumbGate Pro:');
+      console.log(PRO_CHECKOUT_URL);
+    }
+    break;
+  }
   case 'dashboard':
     dashboard();
     break;

package/config/mcp-allowlists.json

@@ -68,7 +68,8 @@
       "perplexity_search",
       "perplexity_ask",
       "perplexity_research",
-      "perplexity_reason"
+      "perplexity_reason",
+      "suggest_fix"
     ],
     "essential": [
       "capture_feedback",
@@ -104,7 +105,8 @@
       "report_product_issue",
       "require_evidence_for_claim",
       "session_report",
-      "generate_operator_artifact"
+      "generate_operator_artifact",
+      "suggest_fix"
     ],
     "commerce": [
       "capture_feedback",
@@ -123,7 +125,8 @@
       "workflow_sentinel",
       "prevention_rules",
       "feedback_stats",
-      "feedback_summary"
+      "feedback_summary",
+      "suggest_fix"
     ],
     "readonly": [
       "recall",
@@ -164,7 +167,8 @@
       "session_report",
       "generate_operator_artifact",
       "perplexity_search",
-      "perplexity_ask"
+      "perplexity_ask",
+      "suggest_fix"
     ],
     "dispatch": [
       "recall",
@@ -204,7 +208,8 @@
       "session_report",
       "generate_operator_artifact",
       "perplexity_search",
-      "perplexity_ask"
+      "perplexity_ask",
+      "suggest_fix"
     ],
     "locked": [
       "feedback_summary",
@@ -228,7 +233,8 @@
       "workflow_sentinel",
       "settings_status",
       "native_messaging_audit",
-      "generate_operator_artifact"
+      "generate_operator_artifact",
+      "suggest_fix"
     ]
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.21.1",
+  "version": "1.22.0",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 33 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -31,6 +31,7 @@
     "scripts/analytics-window.js",
     "scripts/async-job-runner.js",
     "scripts/audit-trail.js",
+    "scripts/audit.js",
     "scripts/auto-promote-gates.js",
     "scripts/auto-wire-hooks.js",
     "scripts/autoresearch-runner.js",
@@ -222,6 +223,7 @@
     "openapi/",
     "public/agent-manager.html",
     "public/blog.html",
+    "public/codex-enterprise.html",
     "public/codex-plugin.html",
     "public/compare.html",
     "public/dashboard.html",
@@ -332,7 +334,7 @@
     "social:prospect:bluesky:dry": "node scripts/social-bluesky-prospecting.js --dry-run",
     "social:reply-publish:bluesky:dry": "node scripts/social-reply-monitor-bluesky.js --publish-approved --dry-run",
     "test:python": "python3 -m pytest tests/*.py",
-    "test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:post-everywhere-zernio-default && npm run test:zernio-canonical-pollers && npm run test:zernio-status && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:community-course-platform-launch-kit && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:social-dedupe-cleanup && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture",
+    "test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:post-everywhere-zernio-default && npm run test:zernio-canonical-pollers && npm run test:zernio-status && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:community-course-platform-launch-kit && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:social-dedupe-cleanup && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture && npm run test:install-shim && npm run test:hook-runtime-subcommands && npm run test:implementation-notes",
     "test:hook-stop-verify-deploy": "node --test tests/hook-stop-verify-deploy.test.js",
     "test:hook-stop-anti-claim": "node --test tests/hook-stop-anti-claim.test.js",
     "test:plausible-server-events": "node --test tests/plausible-server-events.test.js",
@@ -442,10 +444,10 @@
     "test:evolution": "node --test tests/workspace-evolver.test.js",
     "test:watcher": "node --test tests/jsonl-watcher.test.js",
     "test:autoresearch": "node --test tests/autoresearch.test.js",
-    "test:ops": "node --test tests/adk-consolidator.test.js tests/anthropic-partner-strategy.test.js tests/auto-promote-gates.test.js tests/auto-wire-hooks.test.js tests/claude-skill.test.js tests/codegraph-context.test.js tests/commercial-signals.test.js tests/decision-journal.test.js tests/delegation-runtime.test.js tests/disagreement-mining.test.js tests/failure-diagnostics.test.js tests/gate-stats.test.js tests/git-hook-installer.test.js tests/github-billing.test.js tests/intervention-policy.test.js tests/markdown-escape.test.js tests/mcp-tools-gates.test.js tests/native-messaging-audit.test.js tests/project-bayes-e2e.test.js tests/project-bayes.test.js tests/rate-limiter.test.js tests/schedule-manager.test.js tests/session-handoff.test.js tests/skill-generator.test.js tests/smart-learning.test.js tests/spike-and-sink.test.js tests/stripe-revenue.test.js tests/stripe-webhook-route.test.js tests/stripe-webhook-rotation.test.js tests/train-from-feedback.test.js tests/workflow-hardening-sprint.test.js tests/workflow-sentinel.test.js tests/test-suite-parity.test.js tests/a2ui-engine.test.js tests/webhook-delivery.test.js",
+    "test:ops": "node --test tests/adk-consolidator.test.js tests/anthropic-partner-strategy.test.js tests/auto-promote-gates.test.js tests/auto-wire-hooks.test.js tests/claude-skill.test.js tests/codegraph-context.test.js tests/commercial-signals.test.js tests/decision-journal.test.js tests/delegation-runtime.test.js tests/disagreement-mining.test.js tests/failure-diagnostics.test.js tests/gate-stats.test.js tests/git-hook-installer.test.js tests/github-billing.test.js tests/intervention-policy.test.js tests/markdown-escape.test.js tests/mcp-tools-gates.test.js tests/native-messaging-audit.test.js tests/project-bayes-e2e.test.js tests/project-bayes.test.js tests/rate-limiter.test.js tests/schedule-manager.test.js tests/session-handoff.test.js tests/skill-generator.test.js tests/smart-learning.test.js tests/spike-and-sink.test.js tests/stripe-revenue.test.js tests/stripe-webhook-route.test.js tests/stripe-webhook-rotation.test.js tests/train-from-feedback.test.js tests/workflow-hardening-sprint.test.js tests/workflow-sentinel.test.js tests/test-suite-parity.test.js tests/a2ui-engine.test.js tests/webhook-delivery.test.js tests/auto-context-packs.test.js",
     "test:session-analyzer": "node --test tests/session-analyzer.test.js",
     "test:tessl": "node --test tests/tessl-export.test.js",
-    "test:gates": "node --test tests/gate-templates.test.js tests/gates-engine.test.js tests/claim-verification.test.js tests/secret-scanner.test.js tests/secret-fixture-safety.test.js tests/prompt-guard.test.js tests/audit-trail.test.js tests/profile-router.test.js tests/workflow-sentinel.test.js tests/docker-sandbox-planner.test.js",
+    "test:gates": "node --test tests/gate-templates.test.js tests/gates-engine.test.js tests/claim-verification.test.js tests/secret-scanner.test.js tests/secret-fixture-safety.test.js tests/prompt-guard.test.js tests/audit-trail.test.js tests/profile-router.test.js tests/workflow-sentinel.test.js tests/docker-sandbox-planner.test.js tests/mcp-tools-suggest-fix.test.js",
     "test:budget": "node --test tests/budget-enforcer.test.js",
     "test:workers": "npm --prefix workers ci && npm --prefix workers test",
     "test:evoskill": "node --test tests/evoskill.test.js",
@@ -659,7 +661,15 @@
     "test:stripe-payment-link-update": "node --test tests/stripe-payment-link-update.test.js",
     "test:verify-marketing-pages-deployed": "node --test tests/verify-marketing-pages-deployed.test.js",
     "verify:marketing-pages": "node scripts/verify-marketing-pages-deployed.js",
-    "test:install-email-capture": "node --test tests/install-email-capture.test.js"
+    "test:install-email-capture": "node --test tests/install-email-capture.test.js",
+    "test:install-shim": "node --test tests/install-shim.test.js",
+    "test:hook-runtime-subcommands": "node --test tests/hook-runtime-subcommands.test.js",
+    "test:implementation-notes": "node --test tests/implementation-notes.test.js",
+    "test:lessons-page-clickability": "playwright test tests/e2e/lessons-page-clickability.spec.js",
+    "test:index-page-clickability": "playwright test tests/e2e/index-page-clickability.spec.js",
+    "test:dashboard-page-clickability": "playwright test tests/e2e/dashboard-page-clickability.spec.js",
+    "test:agent-manager-page-clickability": "playwright test tests/e2e/agent-manager-page-clickability.spec.js",
+    "test:pricing-page-clickability": "playwright test tests/e2e/pricing-page-clickability.spec.js"
   },
   "keywords": [
     "mcp",

package/public/agent-manager.html

@@ -76,7 +76,7 @@
       </tr>
       <tr>
         <td><strong>Plugin marketplace</strong><br>Deciding which Claude Code / Cursor / Codex plugins are blessed and which are not.</td>
-        <td>ThumbGate ships as a Claude Code plugin, a Cursor extension, a Codex plugin, and a Gemini CLI hook. One install, every supported agent. Adapter compatibility matrix kept current as runtimes change.</td>
+        <td>ThumbGate ships as a Claude Code plugin, a Cursor extension (Marketplace listing pending Cursor's review since 2026-05-19; runtime install works today via <code>npx thumbgate init --agent cursor</code>), a Codex plugin, and a Gemini CLI hook. One install, every supported agent. Adapter compatibility matrix kept current as runtimes change.</td>
       </tr>
       <tr>
         <td><strong>Permissions policy</strong><br>What an agent is allowed to execute, against which surfaces, with which evidence required.</td>