thumbgate 1.21.2 → 1.23.0

package/public/codex-enterprise.html

@@ -0,0 +1,123 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ThumbGate for Codex in the Enterprise — Governance for OpenAI Codex (Dell-Distributed or Self-Hosted)</title>
+<script defer data-domain="thumbgate-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="OpenAI and Dell are distributing Codex into the enterprise. Codex in production needs a governance layer — capture every agent decision, promote repeat failures to PreToolUse gates, ship the audit trail procurement requires.">
+<meta property="og:title" content="ThumbGate for Codex in the Enterprise">
+<meta property="og:description" content="Dell-distributed or self-hosted, Codex agents repeat the same mistakes. ThumbGate is the governance layer underneath — capture, promote, audit.">
+<meta property="og:type" content="article">
+<meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
+<link rel="canonical" href="https://thumbgate-production.up.railway.app/codex-enterprise">
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "ThumbGate for Codex in the Enterprise",
+  "description": "Dell-distributed or self-hosted, Codex agents in production need a governance layer. ThumbGate captures every agent decision, promotes repeat failures to PreToolUse gates, and ships the audit trail enterprise procurement requires.",
+  "datePublished": "2026-05-20",
+  "dateModified": "2026-05-20",
+  "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
+  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate-production.up.railway.app" },
+  "about": [
+    { "@type": "Thing", "name": "OpenAI Codex" },
+    { "@type": "Thing", "name": "Dell Codex Enterprise" },
+    { "@type": "Thing", "name": "Agent Governance" },
+    { "@type": "Thing", "name": "PreToolUse Gates" }
+  ]
+}
+</script>
+<style>
+  *, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
+  :root { --bg:#0a0a0b; --card:#161618; --border:#222225; --text:#e8e8ec; --muted:#8b8b94; --cyan:#22d3ee; }
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg); color: var(--text); line-height: 1.7; }
+  .container { max-width: 860px; margin: 0 auto; padding: 2rem 1.5rem 4rem; }
+  nav { padding: 1rem 2rem; border-bottom: 1px solid var(--border); display:flex; gap:1.5rem; flex-wrap:wrap; }
+  nav a { color: var(--muted); text-decoration:none; font-size:0.9rem; }
+  nav .brand { color: var(--text); font-weight:700; }
+  .pill { display:inline-block; font-size:0.75rem; letter-spacing:0.08em; text-transform:uppercase; color:var(--cyan); background:rgba(34,211,238,0.08); border:1px solid rgba(34,211,238,0.2); padding:4px 12px; border-radius:100px; margin-top:1.5rem; font-weight:600; }
+  h1 { font-size:2.2rem; line-height:1.15; margin:1rem 0 1rem; }
+  h2 { font-size:1.45rem; margin:2.2rem 0 1rem; color:var(--cyan); }
+  h3 { margin:0.6rem 0; font-size:1rem; }
+  p, li { margin-bottom:0.75rem; }
+  ul, ol { padding-left:1.25rem; }
+  .card { background: var(--card); border:1px solid var(--border); border-radius:12px; padding:1.25rem; margin:1rem 0; }
+  .grid { display:grid; grid-template-columns:repeat(auto-fit,minmax(220px,1fr)); gap:1rem; margin:1rem 0; }
+  .grid .card h3 { color:var(--cyan); }
+  .cta { display:inline-block; background:var(--cyan); color:#000; padding:0.8rem 1.2rem; border-radius:8px; text-decoration:none; font-weight:700; }
+  .secondary { color:var(--cyan); text-decoration:underline; margin-left:1rem; }
+  .quote { border-left:3px solid var(--cyan); padding:0.75rem 1rem; margin:1rem 0; color:var(--muted); font-style:italic; }
+  code, pre { font-family: ui-monospace, SFMono-Regular, Menlo, monospace; background:#0f0f11; border:1px solid var(--border); border-radius:6px; padding:0.15rem 0.4rem; font-size:0.9rem; }
+  pre { padding:0.85rem 1rem; overflow-x:auto; }
+  .footer-links { margin-top:2.5rem; padding-top:1.25rem; border-top:1px solid var(--border); color:var(--muted); font-size:0.9rem; }
+  .footer-links a { color:var(--cyan); text-decoration:none; }
+</style>
+</head>
+<body>
+<nav>
+  <a href="/" class="brand">ThumbGate</a>
+  <a href="/guide">Guide</a>
+  <a href="/agent-manager">Agent Manager</a>
+  <a href="/codex-plugin">Codex plugin</a>
+  <a href="/dashboard">Dashboard demo</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+<div class="container">
+  <span class="pill">Codex in the Enterprise</span>
+  <h1>Codex in production needs a governance layer. Dell-distributed or self-hosted, agents repeat the same mistakes.</h1>
+  <p>OpenAI and Dell <a href="https://openai.com/index/dell-codex-enterprise-partnership/" target="_blank" rel="noopener" style="color:var(--cyan)">just announced</a> a partnership to distribute Codex into the enterprise — Dell PCs, Dell servers, and Dell's enterprise sales motion become a delivery channel for OpenAI's coding agent. Codex's addressable market jumps from individual developer install to org-wide procurement. The governance gap jumps with it: every enterprise that turns Codex on now needs a runtime layer that captures what the agent did, blocks the repeat failures, and produces the audit trail their security review will ask for.</p>
+  <p>ThumbGate already ships a <a href="/codex-plugin">Codex plugin</a>. The free CLI is real, MIT-licensed, and the gates work locally without a hosted account. This page is what that plugin maps to once Codex is no longer one developer's experiment but a procurement line item.</p>
+
+  <h2>What the governance layer ships</h2>
+  <div class="grid">
+    <div class="card">
+      <h3>Capture every agent decision as it happens</h3>
+      <p>The Thariq pattern — running implementation notes that record decisions, assumptions (marked VERIFIED or UNVERIFIED), tradeoffs, and corrections — productionized as a Codex hook. Every multi-step task gets a structured journal you can review async without re-reading the entire transcript.</p>
+    </div>
+    <div class="card">
+      <h3>Promote repeat failures to PreToolUse gates</h3>
+      <p>When the same agent mistake shows up twice, ThumbGate distills it into a prevention rule and blocks the next attempt at the tool-call boundary — with the rule that fired in the agent's reasoning trace, so Codex chooses a safer plan instead of being told to "be more careful."</p>
+    </div>
+    <div class="card">
+      <h3>Audit trail enterprise procurement requires</h3>
+      <p>Per-tool-call evidence, per-rule provenance, exportable for SOC 2 / ISO 27001 / EU AI Act review. The hosted dashboard rolls this up across repos so the Agent Manager role has one surface instead of N developer machines.</p>
+    </div>
+  </div>
+
+  <h2>Why this matters now</h2>
+  <p>The Dell distribution channel changes who buys Codex. The individual-developer install is opt-in; the enterprise procurement install is policy-driven. The teams approving the Codex line item will ask three questions ThumbGate is built to answer:</p>
+  <ol>
+    <li><strong>What did the agent do?</strong> — capture, with evidence, on every tool call.</li>
+    <li><strong>What did we stop it from doing?</strong> — PreToolUse gates with the rule that fired and why.</li>
+    <li><strong>How do you keep this current as Codex updates?</strong> — adapter matrix that's CI-checked against upstream.</li>
+  </ol>
+  <div class="quote">"Dell-distributed Codex into the enterprise is the moment governance moves from optional to procurement-required. The runtime that captures, blocks, and audits is the line item underneath the line item."</div>
+
+  <h2>Install</h2>
+  <p>One repo, one command:</p>
+  <pre><code>npx thumbgate init --agent codex</code></pre>
+  <p>This wires the Codex hook, sets up the local lesson DB, and gives you the capture/promote/block loop without a hosted account. If you want the standalone Codex plugin as a self-contained zip — for offline distribution to Dell-managed machines or for security review — grab it from <a href="https://github.com/IgorGanapolsky/ThumbGate/releases" target="_blank" rel="noopener" style="color:var(--cyan)">GitHub releases</a> (look for <code>codex-plugin-*.zip</code>).</p>
+
+  <div class="card">
+    <p><strong>The free CLI is real. The paid tier is the hosted dashboard, the org-wide rule library, and the operator the Agent Manager doesn't have to be themselves.</strong></p>
+    <p>
+      <a href="/#workflow-sprint-intake?utm_source=website&amp;utm_medium=codex_enterprise_page&amp;utm_campaign=codex_enterprise_sprint&amp;cta_id=codex_enterprise_sprint_intake&amp;cta_placement=codex_enterprise_page" class="cta">Start the Workflow Hardening Sprint</a>
+      <a href="/checkout/pro?utm_source=website&amp;utm_medium=codex_enterprise_page&amp;utm_campaign=pro_upgrade&amp;cta_id=codex_enterprise_pro_checkout&amp;cta_placement=codex_enterprise_page&amp;plan_id=pro" class="secondary">Or start Pro at $19/mo →</a>
+    </p>
+  </div>
+
+  <h2>Related reading</h2>
+  <ul>
+    <li><a href="/agent-manager">ThumbGate for the Agent Manager</a> — the role inside the enterprise that owns Codex rollout policy.</li>
+    <li><a href="/codex-plugin">Codex plugin overview</a> — the standalone plugin surface this page rides on top of.</li>
+    <li><a href="/compare">Compare</a> — how governance compares to orchestration suites under the same Codex install.</li>
+  </ul>
+
+  <div class="footer-links">
+    Built for teams who turned on Codex and discovered "tell the model to be more careful" doesn't scale. See also <a href="/agent-manager">/agent-manager</a> for the role-level framing.
+  </div>
+</div>
+</body>
+</html>

package/public/codex-plugin.html

@@ -12,7 +12,7 @@
 <meta property="og:type" content="website">
 <meta property="og:url" content="https://thumbgate-production.up.railway.app/codex-plugin">
 <link rel="canonical" href="https://thumbgate-production.up.railway.app/codex-plugin">
-<link rel="llm-context" href="/public/llm-context.md" type="text/markdown">
+<link rel="llm-context" href="/llm-context.md" type="text/markdown">
 
 <script type="application/ld+json">
 {

package/public/dashboard.html

@@ -247,9 +247,9 @@
 
   <!-- STATS -->
   <div class="stats-grid" id="statsGrid">
-    <a class="stat-card" data-card-action="all" onclick="selectCard(this,'all')" href="/lessons" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view all feedback → Lessons page"><div class="stat-label">Total Feedback</div><div class="stat-value cyan" id="statTotal">—</div></a>
-    <a class="stat-card" data-card-action="up" onclick="selectCard(this,'up')" href="/lessons?signal=positive" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view positive feedback → Lessons page"><div class="stat-label">👍 Positive</div><div class="stat-value green" id="statPositive">—</div></a>
-    <a class="stat-card" data-card-action="down" onclick="selectCard(this,'down')" href="/lessons?signal=negative" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view negative feedback → Lessons page"><div class="stat-label">👎 Negative</div><div class="stat-value red" id="statNegative">—</div></a>
+    <a class="stat-card" data-card-action="all" onclick="selectCard(this,'all')" href="/lessons?signal=all" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view all feedback → Lessons page"><div class="stat-label">Total Feedback</div><div class="stat-value cyan" id="statTotal">—</div></a>
+    <a class="stat-card" data-card-action="up" onclick="selectCard(this,'up')" href="/lessons?signal=up" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view positive feedback → Lessons page"><div class="stat-label">👍 Positive</div><div class="stat-value green" id="statPositive">—</div></a>
+    <a class="stat-card" data-card-action="down" onclick="selectCard(this,'down')" href="/lessons?signal=down" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view negative feedback → Lessons page"><div class="stat-label">👎 Negative</div><div class="stat-value red" id="statNegative">—</div></a>
     <a class="stat-card" data-card-action="gates" onclick="selectCard(this,'gates');return false;" href="#" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view active checks"><div class="stat-label">Active Gates</div><div class="stat-value cyan" id="statGates">—</div></a>
   </div>
 
@@ -750,10 +750,23 @@ function setSource(el, source) {
 function switchTab(name) {
   document.querySelectorAll('.tab').forEach(function(t) { t.classList.remove('active'); });
   document.querySelectorAll('.tab-content').forEach(function(c) { c.classList.remove('active'); });
-  var tabEl = document.querySelector('[onclick*="' + name + '"]');
+  // Scope the header lookup to .tab — the prior selector
+  // [onclick*="<name>"] also matched the stat-cards (which carry onclick
+  // attributes like selectCard(this,'gates')), and a stat-card appears
+  // before the tab header in DOM order, so for 'gates' the wrong element
+  // (the card) got the .active class and the tab header stayed dormant.
+  var tabEl = document.querySelector('.tab[onclick*="' + name + '"]');
   var contentEl = document.getElementById('tab-' + name);
   if (tabEl) tabEl.classList.add('active');
-  if (contentEl) contentEl.classList.add('active');
+  if (contentEl) {
+    contentEl.classList.add('active');
+    // Stat-card clicks fire switchTab from above the fold; without this scroll
+    // the user sees "nothing happen" because the just-activated content sits
+    // below the viewport. Same class of bug as the /lessons tile fix in #2268.
+    try {
+      contentEl.scrollIntoView({ behavior: 'smooth', block: 'start' });
+    } catch (_e) { /* older browsers without smooth-scroll: no-op */ }
+  }
   // Sync URL hash so deep-links stay shareable without scroll jump
   try {
     if (('#' + name) !== window.location.hash) {

package/public/index.html

@@ -19,7 +19,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://thumbgate-production.up.railway.app/og.png">
-<meta name="thumbgate-version" content="1.21.2">
+<meta name="thumbgate-version" content="1.23.0">
 <meta name="keywords" content="ThumbGate, thumbgate, AI agent orchestration, AI experience orchestration, agent enforcement layer, save LLM tokens, reduce Claude API cost, reduce OpenAI cost, AI agent token savings, prevent LLM retries, prevent hallucination retries, stop AI token waste, pre-action checks, agent governance, Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, workflow hardening, context engineering, AI authenticity, brand authenticity AI">
 <link rel="apple-touch-icon" href="/apple-touch-icon.png">
 
@@ -721,7 +721,7 @@ __GA_BOOTSTRAP__
       </div>
       <a href="/go/install?utm_source=website&utm_medium=hero_cta&utm_campaign=install_free&cta_id=hero_install_cli&cta_placement=hero" onclick="event.preventDefault(); navigator.clipboard.writeText('npx thumbgate init'); this.textContent='Copied ✓ — paste in your repo'; setTimeout(()=>{this.textContent='Install Free CLI'},2000); try{posthog.capture('hero_install_click',{cta:'install_cli'})}catch(_){}" class="btn-gpt-page btn-install-hero" title="Click to copy: npx thumbgate init">Install Free CLI</a>
       <a href="#workflow-sprint-intake" onclick="try{posthog.capture('hero_sprint_click',{cta:'sprint_intake'})}catch(_){};sendFirstPartyTelemetry('hero_sprint_intake_started',{ctaId:'hero_workflow_sprint',ctaPlacement:'hero',offer:'workflow_sprint'});" class="btn-pro-page hero-pro">Talk to me — Workflow Hardening Sprint →</a>
-      <a href="#demo" onclick="try{posthog.capture('hero_demo_click',{cta:'watch_demo'})}catch(_){};sendFirstPartyTelemetry('hero_demo_clicked',{ctaId:'hero_watch_demo',ctaPlacement:'hero'});" class="btn-free" style="font-size:15px;padding:14px 22px;">▶ Watch the 90-second demo</a>
+      <a href="#demo" onclick="try{posthog.capture('hero_demo_click',{cta:'see_enforcement'})}catch(_){};sendFirstPartyTelemetry('hero_demo_clicked',{ctaId:'hero_see_enforcement',ctaPlacement:'hero'});" class="btn-free" style="font-size:15px;padding:14px 22px;">See the enforcement in action</a>
     </div>
 
     <div class="hero-trust-bar">
@@ -928,8 +928,8 @@ __GA_BOOTSTRAP__
         <div class="card-arrow">Open the Codex install page →</div>
       </a>
       <a class="compat-card" href="/guides/cursor-prevent-repeated-mistakes" rel="noopener">
-        <h3>🎯 Cursor plugin</h3>
-        <p>Drop the ThumbGate MCP config into <code>.cursor/mcp.json</code> and Cursor gets the same pre-action checks as Claude Code and Codex. Ships with bundled rules, commands, hooks, and agents.</p>
+        <h3>🎯 Cursor plugin <span style="font-size:12px;font-weight:500;color:var(--text-muted);">(Marketplace review pending)</span></h3>
+        <p>Drop the ThumbGate MCP config into <code>.cursor/mcp.json</code> and Cursor gets the same pre-action checks as Claude Code and Codex. Ships with bundled rules, commands, hooks, and agents. The runtime install works today via <code>npx thumbgate init --agent cursor</code>; the official Cursor Marketplace listing was submitted 2026-05-19 and is awaiting Cursor's manual review.</p>
         <div class="card-arrow">Read the Cursor guide →</div>
       </a>
       <a class="compat-card" href="/guide" rel="noopener">
@@ -1408,7 +1408,7 @@ __GA_BOOTSTRAP__
       </div>
       <div class="faq-item">
         <div class="faq-q" role="button" tabindex="0" aria-expanded="false" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)">What AI agents and editors does this work with?</div>
-        <div class="faq-a">ThumbGate works with Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode, and any other MCP-compatible agent. Cursor ships with a plugin bundle in this repo. Codex now ships both a standalone plugin bundle and a repo-local app plugin profile, and the published download is linked directly from this page. VS Code works when you run an MCP-compatible agent inside it, but this repo does not ship a standalone VS Code extension today.</div>
+        <div class="faq-a">ThumbGate works with Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode, and any other MCP-compatible agent. The Cursor plugin bundle ships in this repo and installs today via <code>npx thumbgate init --agent cursor</code>; the Cursor Marketplace listing was submitted 2026-05-19 and is still pending Cursor's manual review, so it is not yet discoverable from the in-app Marketplace. Codex now ships both a standalone plugin bundle and a repo-local app plugin profile, and the published download is linked directly from this page. VS Code works when you run an MCP-compatible agent inside it, but this repo does not ship a standalone VS Code extension today.</div>
       </div>
       <div class="faq-item">
         <div class="faq-q" role="button" tabindex="0" aria-expanded="false" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)">Do I have to chat inside the ThumbGate GPT for enforcement?</div>
@@ -1492,7 +1492,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.21.2</span>
+    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.23.0</span>
   </div>
 </footer>
 
@@ -1672,6 +1672,13 @@ function copyInstall(el) {
     toggleFaq(event.currentTarget);
   }
 
+  // Hoist FAQ handlers to window scope so the inline `onclick="toggleFaq(this)"`
+  // attributes on every FAQ question can resolve them. Without this, every FAQ
+  // click silently throws ReferenceError — all 13 FAQ items on the landing
+  // page are dead. Discovered by comprehensive E2E coverage in this PR.
+  window.toggleFaq = toggleFaq;
+  window.handleFaqKeydown = handleFaqKeydown;
+
   /* CTA clicks */
   trackClick('.btn-pro', 'checkout_start', { tier: 'pro', price: 19, billing: 'monthly' });
   trackClick('.btn-gpt-page:not(.btn-install-hero)', 'chatgpt_gpt_click', { tier: 'free', source: 'homepage_gpt' });

package/public/lessons.html

@@ -449,6 +449,18 @@ function switchTab(name) {
   // Highlight the corresponding stat card
   var cardMap = { rules: 0, timeline: 2, insights: 3 };
   highlightCard(cardMap[name] !== undefined ? cardMap[name] : -1);
+  // Scroll the active tab content into view so the click has a visible effect.
+  // Without this, clicking a stat card or tab header when its content is below
+  // the fold appears to do nothing — the tab changes silently and the user
+  // never sees the new content. The tab-strip itself stays visible so the
+  // selected-state is still observable.
+  if (content && typeof content.scrollIntoView === 'function') {
+    try {
+      content.scrollIntoView({ behavior: 'smooth', block: 'start' });
+    } catch (_err) {
+      content.scrollIntoView();
+    }
+  }
   if (typeof plausible === 'function') plausible('lessons_tab', { props: { tab: name } });
 }
 
@@ -922,6 +934,28 @@ async function loadLive() {
 }
 
 loadLive().then(function() {
+  // Handle ?signal= query param from dashboard stat-card navigation.
+  // Vocabulary: 'up' | 'down' | 'all' (canonical). Also accepts the legacy
+  // 'positive' | 'negative' aliases the dashboard once emitted.
+  var qsSignal = new URLSearchParams(window.location.search).get('signal');
+  if (qsSignal) {
+    var signalMap = { positive: 'up', negative: 'down', up: 'up', down: 'down', all: 'all' };
+    var mapped = signalMap[qsSignal];
+    if (mapped) {
+      switchTab('timeline');
+      filterTimeline(mapped, null);
+      var filterBtns = document.querySelectorAll('#tab-timeline .filter-btn');
+      filterBtns.forEach(function(b) {
+        var label = b.textContent.trim().toLowerCase();
+        var match = (mapped === 'all' && label === 'all') ||
+                    (mapped === 'up' && (label.indexOf('👍') !== -1 || label.indexOf('positive') !== -1 || label === 'up')) ||
+                    (mapped === 'down' && (label.indexOf('👎') !== -1 || label.indexOf('negative') !== -1 || label === 'down'));
+        b.classList.toggle('active', match);
+      });
+      return;
+    }
+  }
+
   // Default: highlight Active Rules card on page load
   highlightCard(0);
 

package/public/numbers.html

@@ -25,7 +25,7 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.21.2",
+  "softwareVersion": "1.23.0",
   "url": "https://thumbgate-production.up.railway.app/numbers",
   "dateModified": "2026-05-07",
   "creator": {
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.21.2</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.23.0</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
 
   <h2>Gate enforcement</h2>

package/public/pricing.html

@@ -213,7 +213,7 @@ __GA_BOOTSTRAP__
   <div class="container">
     <a href="/" class="nav-logo">ThumbGate</a>
     <div class="nav-links">
-      <a href="/#features">Features</a>
+      <a href="/#how-it-works">Features</a>
       <a href="/pricing" style="color:var(--text);">Pricing</a>
       <a href="/guide">Guide</a>
       <a href="/dashboard">Dashboard</a>

package/scripts/auto-wire-hooks.js

@@ -27,6 +27,7 @@ const {
   statuslineCommand,
   userPromptHookCommand,
 } = require('./hook-runtime');
+const { installShim } = require('./install-shim');
 
 function getHome() {
   return process.env.HOME || process.env.USERPROFILE || '';
@@ -338,6 +339,19 @@ function wireClaudeHooks(options) {
     options.projectSettingsPath || claudeProjectSettingsPath(options.projectDir);
   const dryRun = options.dryRun || false;
   const projectDir = options.projectDir || process.cwd();
+
+  // --- Install stable shim before resolving hook commands ---
+  // The shim at ~/.thumbgate/bin/thumbgate-hook always resolves @latest,
+  // so hooks never go stale across version bumps (Volta-style pattern).
+  // Skip in source-checkout mode — developers use direct node commands.
+  if (!dryRun && !require('./mcp-config').isSourceCheckout(path.join(__dirname, '..'))) {
+    try {
+      installShim();
+    } catch {
+      // Non-fatal: fall back to version-pinned commands
+    }
+  }
+
   const desiredStatusLine = statuslineCommand();
 
   // --- Step 0: clean up stale hooks from BOTH settings locations ---

package/scripts/build-metadata.js

@@ -16,6 +16,13 @@ function normalizeNullableText(value) {
 }
 
 function resolveBuildMetadata({ env = process.env, filePath } = {}) {
+  // Precedence: immutable JSON file (baked into Docker image at build time, so it
+  // ALWAYS matches the deployed code) wins over runtime env vars. Env vars are
+  // mutable Railway/host config that can drift — they shadowed the freshly-stamped
+  // SHA in prod on 2026-05-20 and made /health lie about the deployed commit.
+  // Fall back to env vars only when the file is missing or its values are null,
+  // and require an explicit SHA env var (not just a stray GENERATED_AT) before
+  // trusting the env branch.
   const resolvedPath =
     normalizeNullableText(filePath) ||
     normalizeNullableText(env.THUMBGATE_BUILD_METADATA_PATH) ||
@@ -23,28 +30,40 @@ function resolveBuildMetadata({ env = process.env, filePath } = {}) {
   const envBuildSha = normalizeNullableText(env[BUILD_SHA_ENV_KEY]);
   const envGeneratedAt = normalizeNullableText(env[BUILD_GENERATED_AT_ENV_KEY]);
 
-  if (envBuildSha || envGeneratedAt) {
-    return {
-      path: resolvedPath,
-      buildSha: envBuildSha,
-      generatedAt: envGeneratedAt,
-    };
-  }
-
+  let fileBuildSha = null;
+  let fileGeneratedAt = null;
   try {
     const parsed = JSON.parse(fs.readFileSync(resolvedPath, 'utf8'));
+    fileBuildSha = normalizeNullableText(parsed.buildSha);
+    fileGeneratedAt = normalizeNullableText(parsed.generatedAt);
+  } catch {
+    // file missing or unreadable — fall through to env branch
+  }
+
+  if (fileBuildSha) {
     return {
       path: resolvedPath,
-      buildSha: normalizeNullableText(parsed.buildSha),
-      generatedAt: normalizeNullableText(parsed.generatedAt),
+      buildSha: fileBuildSha,
+      generatedAt: fileGeneratedAt || envGeneratedAt,
     };
-  } catch {
+  }
+
+  // No SHA in the file — fall back to env only if an explicit SHA is set.
+  // (Previously a bare GENERATED_AT with no SHA could short-circuit and return
+  // { buildSha: null }, losing both signals; now we require the SHA.)
+  if (envBuildSha) {
     return {
       path: resolvedPath,
-      buildSha: null,
-      generatedAt: null,
+      buildSha: envBuildSha,
+      generatedAt: envGeneratedAt,
     };
   }
+
+  return {
+    path: resolvedPath,
+    buildSha: null,
+    generatedAt: fileGeneratedAt || envGeneratedAt,
+  };
 }
 
 function writeBuildMetadataFile({ sha, outputPath, generatedAt = new Date().toISOString() }) {

package/scripts/cli-telemetry.js

@@ -10,6 +10,9 @@ const _DEFAULT_TELEMETRY_HOST = 'https://thumbgate-production.up.railway.app';
 const TELEMETRY_ENDPOINT = `${process.env.THUMBGATE_API_URL || _DEFAULT_TELEMETRY_HOST}/v1/telemetry/ping`;
 const INSTALL_ID_PATH = path.join(process.env.HOME || process.env.USERPROFILE || '.', '.thumbgate', 'install-id');
 
+// Session ID: random per process invocation. Groups all events from one CLI run.
+const SESSION_ID = crypto.randomUUID ? crypto.randomUUID() : crypto.randomBytes(16).toString('hex');
+
 /**
  * Get or create a stable anonymous install ID.
  * This is NOT tied to any personal info — it's a random UUID stored locally.
@@ -61,7 +64,9 @@ function trackEvent(eventType, metadata = {}) {
   const payload = JSON.stringify({
     eventType,
     installId: getInstallId(),
+    sessionId: SESSION_ID,
     visitorType: classifyInstall(),
+    clientType: 'cli',
     platform: os.platform(),
     arch: os.arch(),
     nodeVersion: process.version,
@@ -87,4 +92,4 @@ function trackEvent(eventType, metadata = {}) {
   } catch (_) {} // never crash the CLI
 }
 
-module.exports = { trackEvent, getInstallId, classifyInstall, INSTALL_ID_PATH };
+module.exports = { trackEvent, getInstallId, classifyInstall, INSTALL_ID_PATH, SESSION_ID };

package/scripts/gate-stats.js

@@ -9,6 +9,7 @@ const { sequencePathFor } = require('./risk-scorer');
 
 const PROJECT_ROOT = path.join(__dirname, '..');
 const MANUAL_GATES_PATH = path.join(PROJECT_ROOT, 'config', 'gates', 'default.json');
+const STATS_PATH = path.join(process.env.HOME || '/tmp', '.thumbgate', 'gate-stats.json');
 
 function loadGatesFile(filePath) {
   if (!fs.existsSync(filePath)) return [];
@@ -65,6 +66,15 @@ function calculateStats() {
   // sample can produce a misleading 0.0% floor.
   const bayesErrorRate = tryComputeBayesErrorRate();
 
+  // Calibration: per-gate assessment of whether block actions are well-supported
+  // by negative feedback, or potentially over/under-blocking without confirmation.
+  const calibration = computeCalibration(allGates);
+
+  // First-time fix rate: 1 - (recurringBlocks / totalBlocksAndWarns)
+  // Measures how often a single gate fire resolves the issue vs the agent retrying.
+  // Returns null when there is no recorded block/warn data yet.
+  const firstTimeFixRate = computeFirstTimeFixRate();
+
   return {
     totalGates: allGates.length,
     manualGates: manualGates.length,
@@ -77,10 +87,70 @@ function calculateStats() {
     lastPromotion,
     estimatedHoursSaved,
     bayesErrorRate,
+    calibration,
+    firstTimeFixRate,
     gates: allGates,
   };
 }
 
+/**
+ * Assess each gate's calibration by comparing block occurrences to confirmed
+ * negative feedback counts. A gate with many blocks but no confirming negative
+ * feedback may be over-blocking; one with matching feedback is well-calibrated.
+ *
+ * @param {Array} gates - Combined array of manual + auto-promoted gate objects
+ * @returns {Array<{gateId: string, occurrences: number, action: string, calibrationNote: string}>}
+ */
+function computeCalibration(gates) {
+  const calibration = [];
+  for (const gate of gates || []) {
+    if (!gate || !gate.id) continue;
+    const occurrences = Number(gate.occurrences || 0);
+    const action = gate.action || 'unknown';
+    // Only annotate gates with recorded occurrence data
+    if (occurrences === 0) continue;
+
+    if (action === 'block') {
+      const confirmedNegative = Number(gate.confirmedNegative || gate.negativeCount || 0);
+      let calibrationNote;
+      if (occurrences > 10 && confirmedNegative === 0) {
+        calibrationNote = `over-blocking (${occurrences} blocks, 0 confirmed)`;
+      } else if (confirmedNegative > 0) {
+        calibrationNote = `well-calibrated (${occurrences} blocks, ${confirmedNegative} confirmed)`;
+      } else {
+        // Low occurrence count with no feedback — not enough data yet
+        calibrationNote = `insufficient data (${occurrences} blocks, 0 confirmed)`;
+      }
+      calibration.push({ gateId: gate.id, occurrences, action, calibrationNote });
+    }
+  }
+  return calibration;
+}
+
+/**
+ * Compute the first-time fix rate from the persisted gate-stats.json file.
+ *
+ * firstTimeFixRate = 1 - (recurringBlocks / totalBlocksAndWarns)
+ *
+ * Returns null when there are no recorded block/warn events yet.
+ * Returns a number in [0, 1] otherwise, where 1.0 means every gate fire
+ * was a first-time occurrence and 0.0 means every gate fired at least twice.
+ */
+function computeFirstTimeFixRate() {
+  try {
+    if (!fs.existsSync(STATS_PATH)) return null;
+    const raw = fs.readFileSync(STATS_PATH, 'utf8');
+    const data = JSON.parse(raw);
+    const totalBlocksAndWarns = (data.blocked || 0) + (data.warned || 0);
+    if (totalBlocksAndWarns === 0) return null;
+    const recurring = data.recurringBlocks || 0;
+    const rate = 1 - (recurring / totalBlocksAndWarns);
+    return Math.max(0, Math.min(1, rate));
+  } catch {
+    return null;
+  }
+}
+
 function tryComputeBayesErrorRate() {
   try {
     const seqPath = sequencePathFor();
@@ -142,6 +212,13 @@ function formatStats(stats) {
   lines.push(`  Last promotion: ${formatLastPromotion(stats.lastPromotion)}`);
   lines.push(`  Estimated time saved: ~${stats.estimatedHoursSaved} hours`);
   lines.push(`  Bayes error rate: ${formatBayesErrorRate(stats.bayesErrorRate)}`);
+  lines.push(`  First-time fix rate: ${formatFirstTimeFixRate(stats.firstTimeFixRate)}`);
+  if (Array.isArray(stats.calibration) && stats.calibration.length > 0) {
+    lines.push('Calibration:');
+    for (const entry of stats.calibration) {
+      lines.push(`  - ${entry.gateId}: ${entry.calibrationNote}`);
+    }
+  }
   return lines.join('\n');
 }
 
@@ -153,6 +230,14 @@ function formatBayesErrorRate(rate) {
   return `${pct}% — high irreducible error; the feature set can't discriminate`;
 }
 
+function formatFirstTimeFixRate(rate) {
+  if (rate === null || rate === undefined) return 'n/a (no blocks or warns recorded yet)';
+  const pct = (rate * 100).toFixed(1);
+  if (rate >= 0.95) return `${pct}% — agents fix issues on first block (excellent)`;
+  if (rate >= 0.80) return `${pct}% — most blocks resolved first time (good)`;
+  return `${pct}% — recurring blocks detected; agents may be ignoring gate feedback`;
+}
+
 if (require.main === module) {
   try {
     const stats = calculateStats();
@@ -168,7 +253,11 @@ module.exports = {
   formatStats,
   formatLastPromotion,
   formatBayesErrorRate,
+  formatFirstTimeFixRate,
+  computeFirstTimeFixRate,
   loadGatesFile,
   tryComputeBayesErrorRate,
+  computeCalibration,
   MANUAL_GATES_PATH,
+  STATS_PATH,
 };