thumbgate 1.23.0 → 1.23.1

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.23.0",
+  "version": "1.23.1",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -14,7 +14,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.23.0",
+      "version": "1.23.1",
       "author": {
         "name": "Igor Ganapolsky",
         "email": "ig5973700@gmail.com",

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
-  "version": "1.23.0",
+  "version": "1.23.1",
   "author": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com",

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.23.0",
+  "version": "1.23.1",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "transport": "stdio",

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.23.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.23.1", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.23.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.23.1", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -216,7 +216,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.23.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.23.1' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.23.0",
+        "thumbgate@1.23.1",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -939,6 +939,17 @@ function capture() {
       }
     }
     console.log('');
+    try {
+      const { buildCaptureReceipt } = require(path.join(PKG_ROOT, 'scripts', 'commercial-offer'));
+      console.log(buildCaptureReceipt({
+        signal: normalized,
+        feedbackId: ev.id,
+        memoryId: mem.id,
+        actionType: ev.actionType,
+      }));
+    } catch (_) {
+      // Receipt is a conversion aid, not part of feedback persistence.
+    }
     proNudge();
   } else {
     if (args.json) {
@@ -1022,6 +1033,13 @@ function stats() {
   } else {
     console.log('\n✅ System is currently high-reliability. No immediate revenue loss detected.');
   }
+  try {
+    const { buildStatsReceipt } = require(path.join(PKG_ROOT, 'scripts', 'commercial-offer'));
+    const receipt = buildStatsReceipt(payload);
+    if (receipt) console.log(receipt);
+  } catch (_) {
+    // Keep stats resilient if the receipt helper is unavailable in old installs.
+  }
   proNudge();
 }
 

package/config/post-deploy-marketing-pages.json

@@ -27,6 +27,11 @@
       "sentinel": "ThumbGate",
       "description": "First-party numbers / data transparency page"
     },
+    {
+      "route": "/ai-malpractice-prevention",
+      "sentinel": "AI Intake Risk Controls for Law Firms",
+      "description": "Legal AI intake risk-controls page for law-firm pilot conversations"
+    },
     {
       "route": "/llm-context.md",
       "sentinel": "## What ThumbGate Is",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.23.0",
+  "version": "1.23.1",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 33 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -638,7 +638,7 @@
     "test:high-roi": "node --test tests/high-roi.test.js tests/model-candidates.test.js tests/autonomous-workflow.test.js tests/high-roi-agent-workflows.test.js tests/interaction-model.test.js tests/interaction-model-e2e.test.js tests/code-graph-guardrails.test.js tests/proxy-pointer-rag-guardrails.test.js tests/rag-precision-guardrails.test.js tests/ai-engineering-stack-guardrails.test.js tests/long-running-agent-context-guardrails.test.js tests/reasoning-efficiency-guardrails.test.js tests/deepseek-v4-runtime-guardrails.test.js tests/upstream-contribution-engine.test.js tests/proactive-agent-eval-guardrails.test.js tests/reward-hacking-guardrails.test.js tests/chatgpt-ads-readiness-pack.test.js tests/oss-pr-opportunity-scout.test.js tests/agent-design-governance.test.js tests/gemini-embedding-policy.test.js tests/openclaw-agent-governance-kit.test.js",
     "test:public-static-assets": "node --test tests/public-static-assets.test.js",
     "test:token-savings": "node --test tests/token-savings.test.js",
-    "test:cost-cli": "node --test tests/cost-cli.test.js",
+    "test:cost-cli": "node --test tests/cost-cli.test.js tests/conversion-receipt.test.js",
     "test:numbers-page": "node --test tests/numbers-page.test.js",
     "test:workflow-gate-checkpoint": "node --test tests/workflow-gate-checkpoint.test.js tests/autonomous-workflow.test.js",
     "workflow:autonomous": "node scripts/autonomous-workflow.js",

package/public/ai-malpractice-prevention.html

@@ -3,11 +3,11 @@
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>AI Malpractice Prevention for Law Firms — ThumbGate</title>
+<title>Pre-Execution Controls for Legal AI Agents - ThumbGate</title>
 <script defer data-domain="thumbgate-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Your AI intake agent can commit unauthorized practice of law, miss a conflict, or breach privilege — usually all three. ThumbGate physically blocks each at the tool-call boundary, with an audit trail your malpractice carrier can read.">
-<meta property="og:title" content="AI Malpractice Prevention for Law Firms">
-<meta property="og:description" content="Runtime governance for legal AI agents — block UPL, miss-conflict, and privilege breach at the tool-call boundary. ABA Formal Op. 512-ready audit trail.">
+<meta name="description" content="Pre-execution controls for law-firm AI agents: block unauthorized advice, conflict-check failures, privilege leaks, and unapproved model calls before an agent acts.">
+<meta property="og:title" content="Pre-Execution Controls for Legal AI Agents">
+<meta property="og:description" content="ThumbGate preloads firm-approved ground truth, checks legal AI actions before execution, and records audit evidence for law-firm innovation, risk, and pricing teams.">
 <meta property="og:type" content="article">
 <meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
 <link rel="canonical" href="https://thumbgate-production.up.railway.app/ai-malpractice-prevention">
@@ -15,52 +15,271 @@
 {
   "@context": "https://schema.org",
   "@type": "TechArticle",
-  "headline": "AI Malpractice Prevention for Law Firms",
-  "description": "ThumbGate is a runtime governance layer that physically blocks AI legal-assistant agents from committing unauthorized practice of law, missing conflicts, or breaching privilege.",
+  "headline": "Pre-Execution Controls for Legal AI Agents",
+  "description": "ThumbGate is a pre-execution control layer for law-firm AI intake workflows. It can preload firm-approved ground truth, evaluate proposed agent actions before execution, and produce audit evidence for human review.",
   "datePublished": "2026-05-21",
-  "dateModified": "2026-05-21",
+  "dateModified": "2026-05-25",
   "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
   "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate-production.up.railway.app" },
   "about": [
-    { "@type": "Thing", "name": "Legal AI" },
+    { "@type": "Thing", "name": "Legal AI Governance" },
     { "@type": "Thing", "name": "Unauthorized Practice of Law" },
     { "@type": "Thing", "name": "Attorney-Client Privilege" },
-    { "@type": "Thing", "name": "ABA Model Rules" },
+    { "@type": "Thing", "name": "ABA Formal Opinion 512" },
     { "@type": "Thing", "name": "Conflict of Interest Check" }
   ]
 }
 </script>
 <style>
-  *, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
-  :root { --bg:#0a0a0b; --card:#161618; --border:#222225; --text:#e8e8ec; --muted:#8b8b94; --cyan:#22d3ee; --red:#f87171; --green:#34d399; }
-  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg); color: var(--text); line-height: 1.7; }
-  .container { max-width: 860px; margin: 0 auto; padding: 2rem 1.5rem 4rem; }
-  nav { padding: 1rem 2rem; border-bottom: 1px solid var(--border); display:flex; gap:1.5rem; flex-wrap:wrap; }
-  nav a { color: var(--muted); text-decoration:none; font-size:0.9rem; }
-  nav .brand { color: var(--text); font-weight:700; }
-  .pill { display:inline-block; font-size:0.75rem; letter-spacing:0.08em; text-transform:uppercase; color:var(--cyan); background:rgba(34,211,238,0.08); border:1px solid rgba(34,211,238,0.2); padding:4px 12px; border-radius:100px; margin-top:1.5rem; font-weight:600; }
-  h1 { font-size:2.2rem; line-height:1.15; margin:1rem 0 1rem; }
-  h2 { font-size:1.45rem; margin:2.2rem 0 1rem; color:var(--cyan); }
-  h3 { margin:0.6rem 0; font-size:1rem; }
-  p, li { margin-bottom:0.75rem; }
-  ul, ol { padding-left:1.25rem; }
-  .card { background: var(--card); border:1px solid var(--border); border-radius:12px; padding:1.25rem; margin:1rem 0; }
-  .grid { display:grid; grid-template-columns:repeat(auto-fit,minmax(240px,1fr)); gap:1rem; margin:1rem 0; }
-  .grid .card h3 { color:var(--cyan); }
-  .scenario { border-left:3px solid var(--red); padding:0.9rem 1.1rem; margin:1rem 0; background:rgba(248,113,113,0.04); border-radius:6px; }
-  .scenario .label { display:inline-block; font-size:0.7rem; letter-spacing:0.08em; text-transform:uppercase; color:var(--red); font-weight:700; margin-bottom:0.5rem; }
-  .scenario .resolve { display:inline-block; font-size:0.7rem; letter-spacing:0.08em; text-transform:uppercase; color:var(--green); font-weight:700; margin:0.6rem 0 0.3rem; }
-  .cta { display:inline-block; background:var(--cyan); color:#000; padding:0.8rem 1.2rem; border-radius:8px; text-decoration:none; font-weight:700; }
-  .secondary { color:var(--cyan); text-decoration:underline; margin-left:1rem; }
-  .quote { border-left:3px solid var(--cyan); padding:0.75rem 1rem; margin:1rem 0; color:var(--muted); font-style:italic; }
-  code, pre { font-family: ui-monospace, SFMono-Regular, Menlo, monospace; background:#0f0f11; border:1px solid var(--border); border-radius:6px; padding:0.15rem 0.4rem; font-size:0.9rem; }
-  pre { padding:0.85rem 1rem; overflow-x:auto; }
-  .footer-links { margin-top:2.5rem; padding-top:1.25rem; border-top:1px solid var(--border); color:var(--muted); font-size:0.9rem; }
-  .footer-links a { color:var(--cyan); text-decoration:none; }
-  table.compliance { width:100%; border-collapse:collapse; margin:1rem 0; font-size:0.95rem; }
-  table.compliance th, table.compliance td { padding:0.6rem 0.8rem; border-bottom:1px solid var(--border); text-align:left; vertical-align:top; }
-  table.compliance th { color:var(--cyan); font-size:0.8rem; text-transform:uppercase; letter-spacing:0.05em; }
-  .rule-cite { color:var(--cyan); font-weight:600; }
+  *, *::before, *::after { box-sizing: border-box; }
+  :root {
+    --bg: #08090b;
+    --panel: #14161a;
+    --panel-2: #1b1f26;
+    --line: #2c313a;
+    --text: #f2f4f8;
+    --muted: #a7afbd;
+    --soft: #d8deea;
+    --blue: #62a4ff;
+    --cyan: #2dd4bf;
+    --amber: #f2bd5b;
+    --red: #fb7185;
+    --green: #72e3a5;
+  }
+  body {
+    margin: 0;
+    font-family: Inter, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    background: var(--bg);
+    color: var(--text);
+    line-height: 1.58;
+  }
+  a { color: var(--blue); }
+  nav {
+    display: flex;
+    align-items: center;
+    gap: 1.1rem;
+    flex-wrap: wrap;
+    padding: 0.9rem clamp(1rem, 3vw, 2.25rem);
+    border-bottom: 1px solid var(--line);
+    background: rgba(8, 9, 11, 0.94);
+    position: sticky;
+    top: 0;
+    z-index: 10;
+  }
+  nav a { color: var(--muted); text-decoration: none; font-size: 0.9rem; }
+  nav .brand { color: var(--text); font-weight: 850; }
+  .wrap { max-width: 1120px; margin: 0 auto; padding: 0 clamp(1rem, 3vw, 2rem); }
+  .hero {
+    min-height: calc(100vh - 68px);
+    display: grid;
+    grid-template-columns: minmax(0, 1fr) minmax(320px, 0.9fr);
+    gap: clamp(2rem, 5vw, 4rem);
+    align-items: center;
+    padding: clamp(3rem, 6vw, 5rem) 0 2.2rem;
+  }
+  .eyebrow {
+    display: inline-flex;
+    color: var(--cyan);
+    border: 1px solid rgba(45, 212, 191, 0.24);
+    background: rgba(45, 212, 191, 0.08);
+    padding: 0.34rem 0.72rem;
+    border-radius: 999px;
+    font-size: 0.76rem;
+    font-weight: 850;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+  }
+  h1 {
+    font-size: clamp(2.25rem, 4.1vw, 3.65rem);
+    line-height: 1.03;
+    letter-spacing: 0;
+    margin: 1.1rem 0 1rem;
+    max-width: 800px;
+  }
+  .lead {
+    color: var(--soft);
+    font-size: clamp(1.05rem, 1.65vw, 1.24rem);
+    max-width: 760px;
+    margin: 0 0 1.4rem;
+  }
+  .hero-actions { display: flex; align-items: center; gap: 1rem; flex-wrap: wrap; margin: 1.4rem 0; }
+  .cta {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-height: 48px;
+    padding: 0.78rem 1.05rem;
+    border-radius: 8px;
+    background: var(--blue);
+    color: #06111f;
+    text-decoration: none;
+    font-weight: 850;
+  }
+  .ghost { color: var(--soft); text-decoration: none; border-bottom: 1px solid var(--line); padding-bottom: 0.1rem; }
+  .proof-row {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 0.75rem;
+    margin-top: 1.2rem;
+    max-width: 820px;
+  }
+  .proof {
+    border: 1px solid var(--line);
+    border-radius: 8px;
+    padding: 0.82rem;
+    background: rgba(255, 255, 255, 0.03);
+    min-height: 92px;
+  }
+  .proof strong { display: block; color: var(--text); font-size: 0.94rem; }
+  .proof span { color: var(--muted); font-size: 0.85rem; }
+  .trust-strip {
+    display: grid;
+    grid-template-columns: repeat(4, minmax(0, 1fr));
+    gap: 0.7rem;
+    margin: 1.2rem 0 0;
+    max-width: 920px;
+  }
+  .trust-item {
+    border: 1px solid rgba(98, 164, 255, 0.24);
+    border-radius: 8px;
+    background: rgba(98, 164, 255, 0.07);
+    padding: 0.72rem;
+    color: var(--soft);
+    font-size: 0.82rem;
+    font-weight: 750;
+  }
+  .control-flow {
+    border: 1px solid #343a46;
+    background: #101318;
+    border-radius: 8px;
+    box-shadow: 0 24px 80px rgba(0, 0, 0, 0.34);
+    padding: 1rem;
+  }
+  .flow-asset {
+    display: block;
+    width: 100%;
+    height: auto;
+    border: 1px solid var(--line);
+    border-radius: 8px;
+    margin: 0 0 0.9rem;
+    background: #08090b;
+  }
+  .control-flow h2 { font-size: 1rem; margin: 0 0 0.85rem; color: var(--soft); }
+  .flow-step {
+    display: grid;
+    grid-template-columns: 34px minmax(0, 1fr);
+    gap: 0.8rem;
+    align-items: start;
+    border: 1px solid var(--line);
+    border-radius: 8px;
+    background: var(--panel);
+    padding: 0.88rem;
+    margin: 0.72rem 0;
+  }
+  .num {
+    width: 34px;
+    height: 34px;
+    display: grid;
+    place-items: center;
+    border-radius: 8px;
+    font-weight: 850;
+    color: #06111f;
+    background: var(--cyan);
+  }
+  .flow-step h3 { margin: 0 0 0.24rem; font-size: 0.98rem; }
+  .flow-step p { margin: 0; color: var(--muted); font-size: 0.9rem; }
+  .blocked { border-color: rgba(251, 113, 133, 0.55); background: rgba(251, 113, 133, 0.08); }
+  .blocked .num { background: var(--red); color: #19070a; }
+  .cleared { border-color: rgba(114, 227, 165, 0.42); background: rgba(114, 227, 165, 0.08); }
+  .cleared .num { background: var(--green); color: #06120b; }
+  main section {
+    border-top: 1px solid var(--line);
+    padding: clamp(2.35rem, 5vw, 4rem) 0;
+  }
+  h2 {
+    font-size: clamp(1.75rem, 2.8vw, 2.5rem);
+    line-height: 1.15;
+    margin: 0 0 0.75rem;
+    letter-spacing: 0;
+  }
+  .section-lead { color: var(--muted); font-size: 1.05rem; max-width: 820px; margin: 0 0 1.35rem; }
+  .grid { display: grid; grid-template-columns: repeat(3, minmax(0, 1fr)); gap: 1rem; }
+  .two { grid-template-columns: repeat(2, minmax(0, 1fr)); }
+  .card {
+    border: 1px solid var(--line);
+    background: var(--panel);
+    border-radius: 8px;
+    padding: 1rem;
+  }
+  .card h3 { margin: 0 0 0.5rem; font-size: 1.04rem; color: var(--text); }
+  .card p, .card li { color: var(--muted); margin: 0.42rem 0; }
+  .tag {
+    display: inline-flex;
+    color: #071116;
+    background: var(--cyan);
+    border-radius: 6px;
+    padding: 0.14rem 0.45rem;
+    font-size: 0.72rem;
+    font-weight: 850;
+    margin-bottom: 0.62rem;
+  }
+  .amber { background: var(--amber); }
+  .red { background: var(--red); color: #19070a; }
+  .blue { background: var(--blue); color: #06111f; }
+  .green { background: var(--green); color: #06120b; }
+  .matrix { width: 100%; border-collapse: collapse; border: 1px solid var(--line); border-radius: 8px; overflow: hidden; }
+  .matrix th, .matrix td {
+    padding: 0.82rem;
+    border-bottom: 1px solid var(--line);
+    vertical-align: top;
+    text-align: left;
+  }
+  .matrix th { color: var(--cyan); background: #11151b; font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; }
+  .matrix td { color: var(--muted); }
+  .callout {
+    background: #f2f4f8;
+    color: #111827;
+    border-radius: 8px;
+    padding: clamp(1.2rem, 3vw, 1.8rem);
+  }
+  .callout p, .callout li { color: #344054; }
+  .callout .cta { background: #111827; color: #fff; }
+  .footer {
+    color: var(--muted);
+    padding: 2.2rem 0 4rem;
+    border-top: 1px solid var(--line);
+  }
+  @media (max-width: 880px) {
+    .hero, .grid, .two, .proof-row, .trust-strip { grid-template-columns: 1fr; }
+    .hero { min-height: auto; padding-top: 2.4rem; }
+    nav { position: static; }
+  }
+  @media (max-width: 700px) {
+    .matrix, .matrix tbody, .matrix tr, .matrix td { display: block; width: 100%; }
+    .matrix { border: 0; }
+    .matrix thead { display: none; }
+    .matrix tr {
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      margin-bottom: 0.85rem;
+      background: var(--panel);
+      overflow: hidden;
+    }
+    .matrix td { border-bottom: 1px solid var(--line); padding: 0.75rem 0.9rem; }
+    .matrix td:last-child { border-bottom: 0; }
+    .matrix td::before {
+      display: block;
+      color: var(--cyan);
+      font-size: 0.72rem;
+      font-weight: 850;
+      letter-spacing: 0.06em;
+      margin-bottom: 0.25rem;
+      text-transform: uppercase;
+    }
+    .matrix td:nth-child(1)::before { content: "Buyer question"; }
+    .matrix td:nth-child(2)::before { content: "Pilot answer"; }
+    .matrix td:nth-child(3)::before { content: "Evidence to bring"; }
+  }
 </style>
 </head>
 <body>
@@ -69,115 +288,202 @@
   <a href="/agent-manager">Agent Manager</a>
   <a href="/codex-enterprise">Codex Enterprise</a>
   <a href="/agents-cost-savings">FinOps for Agents</a>
-  <a href="/federal">Federal</a>
   <a href="/dashboard">Dashboard demo</a>
   <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
 </nav>
-<div class="container">
-  <span class="pill">AI Malpractice Prevention</span>
-  <h1>Your AI intake agent can commit UPL, miss a conflict, or breach privilege — usually all three. ThumbGate prevents each at the tool-call boundary.</h1>
-  <p>2025 produced <strong>66 documented court sanctions against attorneys</strong> for AI-generated fake citations and related failures, with fines up to $31,000. That is just the public surface. The internal events — UPL-shaped responses from intake bots, conflict misses, privilege leaks to external LLM processors — are happening at every firm that deployed generative AI in the last 18 months, and most of them are not yet surfacing in OPR review or malpractice claims because the audit trail to catch them doesn't exist.</p>
-  <p>ThumbGate is the runtime layer that catches them <em>before</em> they happen. Every agent action — every API call, every document fetch, every drafted message — passes through a PreToolUse gate that fires before the action executes. Known-bad shapes are blocked with the audit trail your malpractice carrier and your OPR review actually want to read.</p>
-  <p>The framing matters: ThumbGate isn't another legal AI tool your innovation team has to vet. It's the <strong>vetting-collapse layer</strong> that sits between the agents you've already adopted — Harvey, Copilot, Legora, internal scripts, whatever a client mandates next quarter — and the tool calls those agents try to make. One control plane, every model, every matter, every output.</p>
 
-  <h2>The three failure modes ThumbGate prevents</h2>
-  <div class="grid">
-    <div class="card">
-      <h3>1. Unauthorized practice of law <span class="rule-cite">(Rule 5.5)</span></h3>
-      <p>The AI intake bot tells a prospect <em>"based on what you've described, you have a strong case for breach of fiduciary duty."</em> That's legal advice from a non-lawyer. Under Rule 5.5 — and under most state bar interpretations — the firm is on the hook. ThumbGate's UPL gate intercepts response candidates that match advice-shaped patterns (predictions, recommendations, outcome assertions) and replaces them with an intake hand-off to a licensed attorney.</p>
+<div class="wrap">
+  <header class="hero">
+    <div>
+      <span class="eyebrow">Pre-read for law-firm AI governance pilots</span>
+      <h1>Pre-execution controls for legal AI agents.</h1>
+      <p class="lead">Block unauthorized advice, conflict-check failures, privilege leaks, and unapproved model calls before an intake agent replies, fetches records, schedules a meeting, or sends data outside the firm's approved boundary.</p>
+      <div class="hero-actions">
+        <a class="cta" href="mailto:iganapolsky@gmail.com?subject=ThumbGate%2025-minute%20legal%20AI%20pilot%20walkthrough&amp;body=Hi%20Igor%2C%0A%0AWe%27d%20like%20to%20review%20the%2025-minute%20ThumbGate%20legal%20AI%20intake%20pilot.%20Please%20send%20the%20meeting%20invite%20and%20demo%20materials.%0A%0ABest%2C">Book a 25-minute pilot walkthrough</a>
+        <a class="ghost" href="#demo">View the 25-minute demo plan</a>
+      </div>
+      <div class="proof-row" aria-label="Key proof points">
+        <div class="proof"><strong>Preloaded controls</strong><span>Firm policy, approved disclaimers, adverse-party lists, routing rules, and model endpoint allowlists.</span></div>
+        <div class="proof"><strong>Pre-action checks</strong><span>Controls run before the agent replies, fetches records, schedules intake, or calls an external model.</span></div>
+        <div class="proof"><strong>Reviewable evidence</strong><span>Every block, warning, override, and handoff becomes a structured audit event.</span></div>
+      </div>
+      <div class="trust-strip" aria-label="Trust and deployment assumptions">
+        <div class="trust-item">Local-first enforcement option</div>
+        <div class="trust-item">Works around Azure OpenAI, Claude, Gemini, and internal tools</div>
+        <div class="trust-item">ABA Formal Opinion 512 mapped to reviewable controls</div>
+        <div class="trust-item">No guaranteed-malpractice-prevention claim</div>
+      </div>
     </div>
-    <div class="card">
-      <h3>2. Missed conflicts <span class="rule-cite">(Rules 1.7, 1.9, 1.10)</span></h3>
-      <p>The agent processes a new-client inquiry at 11pm on Sunday, schedules an intake call for Monday, sends a generic engagement letter — and only then runs the conflict check that finds the prospect is the opposing party in an existing matter. By then the firm has already received confidential information from the prospect. ThumbGate's conflict gate requires a positive clearance from the firm's adverse-parties list <em>before</em> the agent can accept any intake content beyond the initial routing question.</p>
-    </div>
-    <div class="card">
-      <h3>3. Privilege breach <span class="rule-cite">(Rule 1.6 + state evidence rules)</span></h3>
-      <p>An associate uses the firm's AI assistant to summarize a privileged deposition. The agent calls a public LLM endpoint to "improve the summary." Privileged content just left the firm's infrastructure to a third-party processor that has no equivalent privilege protection. ThumbGate's egress gate inspects every outbound API call from agents and blocks transmissions of content matching privilege-policy patterns (matter ID, client name, "Attorney Work Product" markers, custom firm classifiers) to non-approved processors.</p>
-    </div>
-  </div>
-
-  <h2>How the prevention actually works</h2>
-  <p>The mechanism is deliberately simple. ThumbGate sits between the agent and the world as a hook layer; every tool call the agent attempts (HTTP request, file read, database query, generated response delivery) passes through a <code>PreToolUse</code> gate first. The gate evaluates the proposed action against a lesson database built from your firm's own observed failures plus a library of legal-vertical defaults shipped with the product.</p>
-  <ul>
-    <li><strong>Promoted rules block known-bad shapes.</strong> When the same failure pattern recurs three or more times — silently, without a human even noticing — silent-failure clustering surfaces it as a candidate rule. A pre-promotion eval verifies precision before it joins the active gate set.</li>
-    <li><strong>Every block is logged with provenance.</strong> What was attempted, what rule fired, what corrective action the agent was redirected to. That log is the artifact your malpractice carrier and your OPR review actually want — not a vendor's "trust me" assurance.</li>
-    <li><strong>Nothing leaves your boundary.</strong> ThumbGate runs in-process or as a sidecar in your Azure / AWS tenant or on-prem. No client data, no privileged content, no matter metadata traverses our infrastructure. The hosted dashboard is optional and never receives privileged payloads — only counters and rule metadata.</li>
-  </ul>
-
-  <h2>Three scenarios from real firm pain</h2>
-
-  <div class="scenario">
-    <span class="label">Scenario 1 — after-hours UPL</span>
-    <p><strong>Without ThumbGate:</strong> Saturday 11 PM. An estate-planning prospect uses the firm's website AI assistant to ask "if I name my brother as executor but he lives in another state, does that cause problems?" The assistant, trained on legal content, replies with a 4-paragraph explanation of out-of-state-executor bonds and tax implications. That's legal advice. The firm's malpractice carrier finds out 8 months later when the prospect (who hired a different firm) sues over an estate dispute and the deposition surfaces the chatbot transcript.</p>
-    <span class="resolve">With ThumbGate</span>
-    <p>The UPL gate matches the response shape (jurisdictional analysis + recommendation) against the promoted rule for "advice-shaped output from non-attorney source." The assistant's response is intercepted before delivery and replaced with: <em>"That's a legal question that needs a licensed attorney in your state. I can book you a 30-min consult with one of our estate-planning attorneys — would Monday at 10 AM work?"</em> The intake gets scheduled, the firm captures the lead, no UPL ever occurs, and the audit log shows the firm prevented the failure mode.</p>
-  </div>
-
-  <div class="scenario">
-    <span class="label">Scenario 2 — adverse-party conflict miss</span>
-    <p><strong>Without ThumbGate:</strong> A junior associate uses the firm's AI document-fetcher agent to pull "all recent filings involving Acme Corporation" for due diligence on a new M&A engagement. The agent retrieves dozens of documents — including filings from a matter where the firm represents Acme's largest competitor. Privileged work product from the existing matter now sits in the associate's local cache. The firm has just created a screen problem at minimum; at worst, a disqualification motion six weeks later.</p>
-    <span class="resolve">With ThumbGate</span>
-    <p>The conflict gate fires on every document-fetch tool call. Before the fetch executes, it cross-references the requesting matter ID against the firm's adverse-parties list. The Acme-competitor matter is flagged. The fetch is blocked and the agent is redirected to: <em>"Acme Corporation appears as an adverse party in matter [REDACTED]. This fetch is blocked. Contact [matter-attorney email] to discuss whether an ethics screen is needed before proceeding."</em> No cross-contamination, no waiver risk.</p>
-  </div>
-
-  <div class="scenario">
-    <span class="label">Scenario 3 — egress privilege breach</span>
-    <p><strong>Without ThumbGate:</strong> A partner pastes a 200-page deposition transcript into the firm's "AI Brief Assistant" and asks for a summary. The Brief Assistant, under the hood, calls an external LLM API for the long-context summarization step because the in-house model's context window is too short. Privileged deposition content just left the firm's network to a vendor whose terms of service include "we may use submitted content to improve our models." Privilege waiver argument waiting to happen.</p>
-    <span class="resolve">With ThumbGate</span>
-    <p>The egress gate inspects every outbound API call. The deposition's metadata header includes the firm's "Attorney Work Product" marker. The call to the external LLM is blocked. The agent is redirected to a privilege-safe alternative: in-tenant summarization via the firm's Azure OpenAI deployment (which carries the firm's BAA) or chunked summarization that stays inside the model's context window. The transcript never leaves the firm's boundary; the audit log records the block.</p>
-  </div>
 
-  <h2>Compliance matrix — what ThumbGate maps to</h2>
-  <table class="compliance">
-    <thead>
-      <tr><th>Authority</th><th>Requirement</th><th>ThumbGate's mechanism</th></tr>
-    </thead>
-    <tbody>
-      <tr><td>ABA Model Rule 1.1 + cmt. 8</td><td>Competence in the benefits and risks of relevant technology</td><td>Audit trail of every agent action gives partners evidence of supervision-grade understanding</td></tr>
-      <tr><td>ABA Model Rule 1.6</td><td>Protect confidential information</td><td>Egress gate blocks outbound calls carrying client-confidential or privileged content to non-approved processors</td></tr>
-      <tr><td>ABA Model Rule 5.3</td><td>Supervise non-lawyer assistance, including AI tools</td><td>Per-call evidence + per-rule provenance is the supervision artifact</td></tr>
-      <tr><td>ABA Model Rule 5.5</td><td>No unauthorized practice of law</td><td>UPL gate intercepts advice-shaped output from non-attorney agents pre-delivery</td></tr>
-      <tr><td>ABA Formal Op. 512 (Jul 2024)</td><td>Verify AI output, protect confidentiality, consider client disclosure</td><td>Audit trail covers the verification + disclosure questions in one artifact</td></tr>
-      <tr><td>Rules 1.7 / 1.9 / 1.10</td><td>Conflict of interest screening</td><td>Conflict gate requires positive clearance against adverse-parties list before agent can accept intake content</td></tr>
-    </tbody>
-  </table>
+    <aside class="control-flow" aria-label="ThumbGate pre-action control flow">
+      <img class="flow-asset" src="/assets/legal-intake-control-flow.svg" alt="Diagram of the ThumbGate legal intake pre-action control flow">
+      <h2>What the demo should show</h2>
+      <div class="flow-step">
+        <span class="num">1</span>
+        <div>
+          <h3>Prospect asks a risky intake question</h3>
+          <p>"Can I sue my former employer in Florida if they changed my commission plan?"</p>
+        </div>
+      </div>
+      <div class="flow-step blocked">
+        <span class="num">2</span>
+        <div>
+          <h3>Advice-shaped response is stopped</h3>
+          <p>Legal conclusion plus jurisdictional recommendation is routed to attorney review before delivery.</p>
+        </div>
+      </div>
+      <div class="flow-step cleared">
+        <span class="num">3</span>
+        <div>
+          <h3>Safe handoff is allowed</h3>
+          <p>The agent collects neutral routing details and schedules review without creating reliance.</p>
+        </div>
+      </div>
+      <div class="flow-step">
+        <span class="num">4</span>
+        <div>
+          <h3>Audit event is exportable</h3>
+          <p>Rule version, source policy, proposed action, outcome, reviewer, and timestamp are preserved.</p>
+        </div>
+      </div>
+    </aside>
+  </header>
 
-  <h2>Why this is the Chief Pricing & Innovation Officer's problem (not just the GC's)</h2>
-  <p>Every alternative-fee arrangement carries an implicit risk reserve against malpractice tail events. A single sanction, disqualification motion, or bar complaint compresses AFA margins for the entire vintage of matters affected. The events ThumbGate prevents are precisely the events that trigger reserves. Framed in pricing terms, the runtime gate is a <strong>reserve-cost reduction control</strong>: prevented sanctions are dollars not held against alternative-fee matter margins. The audit trail is the artifact the firm's malpractice carrier reads when arguing for a premium reduction at the next renewal.</p>
-  <p>Standardization gets easier the same way. Each new client mandate ("you must use Tool X for our matters, you may not use Tool Y") becomes a policy update at the gate, not a per-tool re-vetting cycle. The vetting work that takes calendar weeks today becomes a one-line rule in the gate config — applied across every existing agent without re-implementation.</p>
+  <main>
+    <section>
+      <h2>Why this is credible now.</h2>
+      <p class="section-lead">The market is not waiting for perfect AI. Large firms are adopting legal AI while ethics, security, and innovation teams are still formalizing the controls around it. ThumbGate fits that gap: it is not another research assistant; it is a control point around the assistants and agents a firm already wants to evaluate.</p>
+      <div class="grid">
+        <div class="card">
+          <span class="tag blue">Governance</span>
+          <h3>ABA Formal Opinion 512 maps cleanly to controls</h3>
+          <p>Competence, confidentiality, supervision, verification, communication, and reasonable fees become concrete checks and review records.</p>
+        </div>
+        <div class="card">
+          <span class="tag amber">Adoption</span>
+          <h3>AI is entering normal workflows</h3>
+          <p>The practical buyer question is no longer "will lawyers use AI?" It is "which actions can an agent take without review?"</p>
+        </div>
+        <div class="card">
+          <span class="tag green">Positioning</span>
+          <h3>Vendor-neutral by design</h3>
+          <p>The pilot can sit around internal tools, Azure OpenAI, Claude, Gemini, document systems, or purpose-built legal AI products.</p>
+        </div>
+      </div>
+    </section>
 
-  <h2>The deployment story (security committee's first objection answered first)</h2>
-  <ul>
-    <li><strong>Runs inside your boundary.</strong> ThumbGate is a Node.js process that runs as a sidecar in your Azure / AWS / on-prem environment. No client data, no privileged content, no matter metadata traverses our infrastructure.</li>
-    <li><strong>Microsoft 365 / Azure OpenAI compatible.</strong> If your firm is on the Microsoft stack, ThumbGate gates calls to your Azure OpenAI endpoint just as cleanly as it gates Anthropic, OpenAI public API, or any other LLM.</li>
-    <li><strong>BAA / DPA path.</strong> The optional hosted dashboard (analytics + rule library) carries a BAA. The runtime gate layer carries no BAA need because it never receives PHI / PII / privileged content — only counters and metadata.</li>
-    <li><strong>SOC 2 Type II in progress.</strong> Audit underway; final report Q3 2026. Pilot engagements can proceed under SOC 2 Type I + a Vendor Security Questionnaire response on file.</li>
-    <li><strong>No model lock-in.</strong> ThumbGate is vendor-neutral on the LLM. It works equally over Claude (Anthropic + AWS Bedrock), GPT-4 (OpenAI + Azure), Gemini, Llama-on-Mosaic, or any HTTP-callable model.</li>
-  </ul>
+    <section>
+      <h2>Yes, the pilot can start with preloaded ground truth.</h2>
+      <p class="section-lead">The first pilot should not ask the model to discover the firm's risk posture. ThumbGate should load the approved rule pack before the first intake simulation, then prove that the agent is physically stopped when a proposed action violates that pack.</p>
+      <div class="grid">
+        <div class="card">
+          <span class="tag green">Inputs</span>
+          <h3>Firm-approved source material</h3>
+          <p>Disclaimers, intake scripts, escalation rules, practice-area boundaries, jurisdiction notes, model endpoint policy, retention rules, and reviewer roles.</p>
+        </div>
+        <div class="card">
+          <span class="tag amber">Fixtures</span>
+          <h3>Adverse-party and matter examples</h3>
+          <p>A synthetic adverse-party list and red-team intake transcripts let the demo show conflict stops without exposing privileged or client data.</p>
+        </div>
+        <div class="card">
+          <span class="tag blue">Outputs</span>
+          <h3>Deterministic control evidence</h3>
+          <p>Each demo decision shows the matched rule, proposed action, allowed or blocked outcome, reviewer path, timestamp, and exportable audit record.</p>
+        </div>
+      </div>
+    </section>
 
-  <h2>Pilot shape</h2>
-  <p>The recommended first engagement is a 30-day pilot focused on a single intake-channel and a single practice-area-specific conflict-list. Two of your attorneys, two of your IT/innovation staff, and one ThumbGate engineer running biweekly sync calls. Pilot deliverable: a documented set of promoted gate rules specific to your firm's risk profile, the audit-trail format reviewed by your malpractice carrier or OPR liaison, and a written go/no-go recommendation on firm-wide rollout. Investment for the pilot is positioned as a Workflow Hardening Sprint — fixed-scope, fixed-price, no per-attorney metering during evaluation.</p>
+    <section>
+      <h2>Three failure modes the pilot should control.</h2>
+      <div class="grid">
+        <div class="card">
+          <span class="tag red">UPL</span>
+          <h3>Unauthorized-practice risk</h3>
+          <p>Block outcome predictions, jurisdictional recommendations, and advice-shaped responses from non-attorney intake agents. Allow neutral collection and attorney handoff.</p>
+        </div>
+        <div class="card">
+          <span class="tag amber">Conflicts</span>
+          <h3>Conflict preconditions</h3>
+          <p>Require configured adverse-party clearance before the agent continues intake or requests sensitive matter facts.</p>
+        </div>
+        <div class="card">
+          <span class="tag blue">Privilege</span>
+          <h3>Confidentiality and egress</h3>
+          <p>Block or reroute outbound calls that include privileged markers, matter identifiers, or firm-classified confidential content.</p>
+        </div>
+      </div>
+    </section>
 
-  <div class="quote">"The job of legal-AI governance isn't 'tell the model to be more careful.' It's the tool-call boundary, with an audit trail that survives the deposition."</div>
+    <section id="demo">
+      <h2>25-minute walkthrough agenda.</h2>
+      <p class="section-lead">The call should be visual. The goal is not to prove every enterprise feature. It is to show a repeatable mechanism the innovation team can explain internally.</p>
+      <div class="two grid">
+        <div class="card">
+          <h3>Show these assets</h3>
+          <ul>
+            <li>One unsafe intake transcript and blocked response.</li>
+            <li>One conflict-precheck stop before sensitive facts are collected.</li>
+            <li>One egress block or safe in-tenant reroute.</li>
+            <li>One audit export with rule version, source, outcome, and reviewer.</li>
+          </ul>
+        </div>
+        <div class="card">
+          <h3>Skip these on the first call</h3>
+          <ul>
+            <li>Broad platform tour.</li>
+            <li>Pricing page or checkout flow.</li>
+            <li>Unverified sanctions statistics.</li>
+            <li>Claims about SOC 2, BAA, carrier discounts, or guaranteed malpractice prevention.</li>
+          </ul>
+        </div>
+      </div>
+      <div class="two grid" style="margin-top:1rem;">
+        <div class="card">
+          <h3>Suggested agenda</h3>
+          <ul>
+            <li>3 minutes: confirm the target workflow and risk owners.</li>
+            <li>7 minutes: show blocked unauthorized-advice and conflict examples.</li>
+            <li>7 minutes: show preloaded ground truth and audit evidence.</li>
+            <li>5 minutes: discuss deployment boundary, data handling, and reviewer roles.</li>
+            <li>3 minutes: agree on pilot inputs and next step.</li>
+          </ul>
+        </div>
+        <div class="card">
+          <h3>Recommended ask</h3>
+          <p>Ask for one practice-area workflow, one approved disclaimer, one synthetic adverse-party fixture, one security contact, and permission to build a no-client-data pilot pack.</p>
+        </div>
+      </div>
+    </section>
 
-  <div class="card">
-    <p><strong>Next step: a 25-min walkthrough on a hypothetical intake-and-conflict scenario specific to your firm.</strong></p>
-    <p>
-      <a href="mailto:iganapolsky@gmail.com?subject=ThumbGate%20AI%20Malpractice%20Prevention%20-%20demo%20request&amp;body=Hi%20Igor%2C%0A%0AI%27m%20at%20%5Bfirm%5D%20and%20saw%20your%20AI%20malpractice%20prevention%20page.%20%0A%0AWe%27re%20evaluating%20how%20to%20govern%20our%20agentic%20legal-AI%20deployment%20and%20I%27d%20like%20to%20see%20a%20walkthrough.%20%0A%0AMy%20practice%20area%20is%3A%20%5B%5D%0AThe%20intake%20channel%20we%27re%20most%20worried%20about%3A%20%5B%5D%0A%0ABest%2C" class="cta">Book a 25-min walkthrough</a>
-      <a href="/agent-manager" class="secondary">Or read the Agent Manager role framing →</a>
-    </p>
-  </div>
+    <section>
+      <h2>Procurement questions to answer early.</h2>
+      <table class="matrix">
+        <thead>
+          <tr><th>Buyer question</th><th>Pilot answer</th><th>Evidence to bring</th></tr>
+        </thead>
+        <tbody>
+          <tr><td>Will our data train models?</td><td>The pilot can run inside the firm's boundary. Hosted services should receive only counters and rule metadata unless explicitly approved.</td><td>Data-flow diagram, retention note, subprocessor list.</td></tr>
+          <tr><td>Who can see privileged data?</td><td>Default pilot design keeps privileged payloads in the firm's environment, with access governed by their controls.</td><td>Architecture note and access-control assumptions.</td></tr>
+          <tr><td>Can we reproduce a decision later?</td><td>Each event should preserve the rule version, source policy, proposed action, decision, reviewer, and timestamp.</td><td>Sample audit export.</td></tr>
+          <tr><td>How do we tune false positives?</td><td>Use hard block, review queue, warning, and allow modes. Promote rules only after test examples and attorney approval.</td><td>Rule lifecycle and override examples.</td></tr>
+        </tbody>
+      </table>
+    </section>
 
-  <h2>Related reading</h2>
-  <ul>
-    <li><a href="/agents-cost-savings">FinOps for AI agents</a> — the cost-control composition for firms running multiple agents across matters.</li>
-    <li><a href="/federal">Federal / regulated workloads</a> — the same compliance bones (deployable inside your tenant, audit trail, SOC 2 path) that work for federal also satisfy law-firm professional-responsibility committees.</li>
-    <li><a href="/agent-manager">ThumbGate for the Agent Manager</a> — the role inside the firm that owns "what are our agents costing us, and what did we stop them from doing?"</li>
-  </ul>
+    <section>
+      <div class="callout">
+        <h2>Recommended 30-day pilot.</h2>
+        <p>Start narrow: one intake channel, one practice-area workflow, one adverse-party fixture, one approved-model routing policy, and one audit export format.</p>
+        <p>Deliverables: preloaded rule pack, demo agent, screenshot set, 60-second walkthrough clip, security data-flow note, pilot metrics, and a go/no-go rollout recommendation.</p>
+        <p><a class="cta" href="mailto:iganapolsky@gmail.com?subject=ThumbGate%2025-minute%20legal%20AI%20pilot%20walkthrough&amp;body=Hi%20Igor%2C%0A%0AWe%27d%20like%20to%20review%20the%2025-minute%20ThumbGate%20legal%20AI%20intake%20pilot.%20Please%20send%20the%20meeting%20invite%20and%20demo%20materials.%0A%0ABest%2C">Book a 25-minute pilot walkthrough</a></p>
+      </div>
+    </section>
+  </main>
 
-  <div class="footer-links">
-    Built for law firms whose Innovation function has been told to "make AI work in intake and document review" but hasn't been given the safety net that lets their partners sign off without losing sleep. ABA Formal Op. 512 is the bar; ThumbGate is the floor.
-  </div>
+  <footer class="footer">
+    <p>ThumbGate is a software control layer, not legal advice. This page is intended for pilot scoping with law-firm innovation, technology, risk, and pricing teams. Final policy choices should be reviewed by the firm's attorneys and security team.</p>
+  </footer>
 </div>
 </body>
 </html>

package/public/index.html

@@ -19,7 +19,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://thumbgate-production.up.railway.app/og.png">
-<meta name="thumbgate-version" content="1.23.0">
+<meta name="thumbgate-version" content="1.23.1">
 <meta name="keywords" content="ThumbGate, thumbgate, AI agent orchestration, AI experience orchestration, agent enforcement layer, save LLM tokens, reduce Claude API cost, reduce OpenAI cost, AI agent token savings, prevent LLM retries, prevent hallucination retries, stop AI token waste, pre-action checks, agent governance, Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, workflow hardening, context engineering, AI authenticity, brand authenticity AI">
 <link rel="apple-touch-icon" href="/apple-touch-icon.png">
 
@@ -817,6 +817,37 @@ __GA_BOOTSTRAP__
   </div>
 </section>
 
+<section class="compatibility" id="deterministic-prevention">
+  <div class="container">
+    <div class="section-label">Deterministic Prevention</div>
+    <h2 class="section-title">Native thumbs are a black box. ThumbGate is the inspectable control layer.</h2>
+    <p style="text-align:center;font-size:16px;color:var(--text-muted);max-width:900px;margin:0 auto 28px;line-height:1.7;">Codex, Claude Code, ChatGPT, and other agent surfaces can collect preference signals, but you usually cannot see exactly what changed, which rule will fire, or why a future tool call is allowed. ThumbGate keeps the prevention layer outside the model: typed feedback becomes a local lesson, repeated mistakes become explicit rules, and every block names the matched rule, source lesson, tool call, and audit event.</p>
+    <div class="agent-grid">
+      <div class="agent-card">
+        <h3>Black-box memory</h3>
+        <p>Native thumbs and vendor memories may improve future behavior, but they do not give teams a deterministic allow/block contract at the moment an agent touches files, terminals, APIs, or CI.</p>
+      </div>
+      <div class="agent-card">
+        <h3>Inspectable ThumbGate memory</h3>
+        <p>Lessons live in your ThumbGate store, can be searched, exported as JSONL or DPO pairs, and traced back to the exact correction that created the rule.</p>
+      </div>
+      <div class="agent-card">
+        <h3>Rules before execution</h3>
+        <p>The final decision is not another model opinion. ThumbGate checks tool name, arguments, working directory, command shape, confidence, and required evidence before the action runs.</p>
+      </div>
+    </div>
+    <div style="margin:26px auto 0;max-width:960px;border:1px solid rgba(34,211,238,0.18);border-radius:8px;background:rgba(34,211,238,0.05);padding:18px 20px;">
+      <h3 style="margin:0 0 10px;color:var(--text);font-size:18px;">Why this matters now</h3>
+      <ul style="margin:0;padding-left:20px;color:var(--text-muted);line-height:1.7;">
+        <li><strong>Agent security is now mainstream risk.</strong> Coding agents run shell commands, write files, query databases, and chain actions with developer permissions, so unattended autonomy needs a local policy boundary.</li>
+        <li><strong>MCP adoption is accelerating.</strong> More tools are becoming agent-callable through shared protocols, which means one cross-agent governance layer beats one-off prompt rules per app.</li>
+        <li><strong>Repeated failures waste cash and trust.</strong> Every repeat burns tokens, review time, and release confidence. ThumbGate turns the first correction into a reusable prevention check.</li>
+      </ul>
+      <p style="margin:12px 0 0;font-size:13px;color:var(--text-dim);">Sources to verify the market timing: <a href="https://www.docker.com/blog/ai-coding-agent-horror-stories-security-risks/" target="_blank" rel="noopener" style="color:var(--cyan);">Docker on AI coding agent security risks</a>, <a href="https://www.techradar.com/pro/how-ai-agents-are-wrecking-havoc-in-legacy-security-setups-and-enterprises-are-catching-up" target="_blank" rel="noopener" style="color:var(--cyan);">TechRadar on enterprise agent security pressure</a>, and <a href="https://www.techradar.com/pro/zendesk-becomes-the-latest-to-adopt-mcp-to-futureproof-customers-in-the-ai-first-era" target="_blank" rel="noopener" style="color:var(--cyan);">current MCP adoption coverage</a>.</p>
+    </div>
+  </div>
+</section>
+
 <section class="marketing-deep-dive" style="padding:28px 0 10px;">
   <div class="container" style="max-width:1240px;">
     <div class="section-label">Status bar proof</div>
@@ -1492,7 +1523,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.23.0</span>
+    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.23.1</span>
   </div>
 </footer>
 

package/public/numbers.html

@@ -25,7 +25,7 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.23.0",
+  "softwareVersion": "1.23.1",
   "url": "https://thumbgate-production.up.railway.app/numbers",
   "dateModified": "2026-05-07",
   "creator": {
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.23.0</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.23.1</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
 
   <h2>Gate enforcement</h2>

package/public/pro.html

@@ -815,6 +815,28 @@ __GA_BOOTSTRAP__
   </div>
 </section>
 
+<section class="section" id="deterministic-loop">
+  <div class="container">
+    <div class="section-label">Why Pro now</div>
+    <h2 class="section-title">Black-box thumbs do not prove prevention. Pro gives the operator an audit loop.</h2>
+    <p class="section-intro">Native rating buttons can tell a vendor that an answer felt wrong. ThumbGate Pro gives you the operational record: the correction, the lesson, the rule, the blocked tool call, and the export path.</p>
+    <div class="grid-3">
+      <div class="feature-card">
+        <h3>Inspectable memory</h3>
+        <p>Search the exact lesson that came from a thumbs-down and see whether it is still active, warning-only, or blocking.</p>
+      </div>
+      <div class="feature-card">
+        <h3>Deterministic checks</h3>
+        <p>The enforcement layer evaluates tool name, arguments, working directory, command shape, confidence, and required evidence before the action runs.</p>
+      </div>
+      <div class="feature-card">
+        <h3>Exportable proof</h3>
+        <p>Take the same correction history into JSONL, DPO export, review packets, and team rollout conversations instead of trusting hidden memory.</p>
+      </div>
+    </div>
+  </div>
+</section>
+
 <section class="section" id="why-pay">
   <div class="container">
     <div class="section-label">Why operators pay</div>

package/scripts/commercial-offer.js

@@ -35,6 +35,75 @@ function normalizeSeatCount(value, fallback = TEAM_MIN_SEATS) {
   return Math.max(TEAM_MIN_SEATS, Math.round(parsed));
 }
 
+function trackedProUrl(source = 'cli_receipt', content = 'value_receipt') {
+  try {
+    const url = new URL(PRO_MONTHLY_PAYMENT_LINK);
+    url.searchParams.set('utm_source', source);
+    url.searchParams.set('utm_medium', 'cli');
+    url.searchParams.set('utm_campaign', 'pro_conversion');
+    url.searchParams.set('utm_content', content);
+    return url.toString();
+  } catch (_) {
+    return PRO_MONTHLY_PAYMENT_LINK;
+  }
+}
+
+function pluralize(count, singular, plural = `${singular}s`) {
+  return Number(count) === 1 ? singular : plural;
+}
+
+function buildCaptureReceipt({ signal, feedbackId, memoryId, actionType } = {}) {
+  const normalizedSignal = String(signal || '').toUpperCase() || 'UNKNOWN';
+  const lines = [
+    '',
+    'Value receipt',
+    '─'.repeat(50),
+    `  Stored proof   : ${normalizedSignal} feedback${feedbackId ? ` (${feedbackId})` : ''}`,
+    memoryId ? `  Local memory   : ${memoryId}` : '  Local memory   : saved locally',
+    actionType ? `  Rule pressure  : ${actionType}` : '  Rule pressure  : available for promotion',
+    '  Next proof     : npx thumbgate stats',
+    '  Cost proof     : npx thumbgate cost',
+    '',
+    `  Solo Pro       : ${PRO_PRICE_LABEL} for dashboard, search, exports, sync`,
+    `  Upgrade        : ${trackedProUrl('cli_capture_receipt', actionType || normalizedSignal.toLowerCase())}`,
+    `  Team path      : ${TEAM_PRICE_LABEL}; start with one repeated workflow failure`,
+    '                   https://thumbgate.ai/#workflow-sprint-intake',
+    '',
+  ];
+  return lines.join('\n');
+}
+
+function buildStatsReceipt(stats = {}) {
+  const negatives = Number(stats.negatives || stats.totalNegative || 0);
+  const blocked = Number(stats.gatesBlocked || stats.blocked || 0);
+  const warned = Number(stats.gatesWarned || stats.warned || 0);
+  const gates = Number(stats.totalGates || 0);
+  const autoPromoted = Number(stats.autoPromotedGates || 0);
+  const hasFriction = negatives > 0 || blocked > 0 || warned > 0 || gates > 0;
+  if (!hasFriction) return '';
+
+  const interventions = blocked + warned;
+  const lines = [
+    '',
+    'Paid-intent next step',
+    '─'.repeat(50),
+  ];
+  if (interventions > 0) {
+    lines.push(`  Proof already seen : ${interventions} gate ${pluralize(interventions, 'intervention')}`);
+  }
+  if (gates > 0) {
+    lines.push(`  Active prevention  : ${gates} ${pluralize(gates, 'gate')} (${autoPromoted} auto-promoted)`);
+  }
+  if (negatives > 0) {
+    lines.push(`  Failure pressure   : ${negatives} negative ${pluralize(negatives, 'signal')}`);
+  }
+  lines.push('  Show the buyer     : npx thumbgate cost');
+  lines.push(`  Solo Pro           : ${trackedProUrl('cli_stats_receipt', 'proof_seen')}`);
+  lines.push('  Team workflow      : https://thumbgate.ai/#workflow-sprint-intake');
+  lines.push('');
+  return lines.join('\n');
+}
+
 module.exports = {
   PRO_MONTHLY_PAYMENT_LINK,
   PRO_ANNUAL_PAYMENT_LINK,
@@ -51,4 +120,7 @@ module.exports = {
   normalizePlanId,
   normalizeBillingCycle,
   normalizeSeatCount,
+  buildCaptureReceipt,
+  buildStatsReceipt,
+  trackedProUrl,
 };