thumbgate 1.23.1 → 1.23.2

package/public/numbers.html

@@ -10,9 +10,9 @@
 <meta property="og:title" content="ThumbGate — The Numbers">
 <meta property="og:description" content="Generated first-party operational snapshot: configured gates, recorded interventions, and explicit zero-evidence caveats.">
 <meta property="og:type" content="website">
-<meta property="og:url" content="https://thumbgate-production.up.railway.app/numbers">
+<meta property="og:url" content="https://thumbgate.ai/numbers">
 <meta name="twitter:card" content="summary_large_image">
-<link rel="canonical" href="https://thumbgate-production.up.railway.app/numbers">
+<link rel="canonical" href="https://thumbgate.ai/numbers">
 <link rel="icon" type="image/png" href="/thumbgate-icon.png">
 <link rel="apple-touch-icon" href="/apple-touch-icon.png">
 <script defer data-domain="thumbgate-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
@@ -25,8 +25,8 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.23.1",
-  "url": "https://thumbgate-production.up.railway.app/numbers",
+  "softwareVersion": "1.23.2",
+  "url": "https://thumbgate.ai/numbers",
   "dateModified": "2026-05-07",
   "creator": {
     "@type": "Person",
@@ -46,7 +46,7 @@
   "@type": "Dataset",
   "name": "ThumbGate Operational Snapshot",
   "description": "First-party operational snapshot from the ThumbGate pre-action check runtime: configured checks, recorded block/warn events, estimated token savings from recorded blocks, and Bayes error rate when the sample supports it.",
-  "url": "https://thumbgate-production.up.railway.app/numbers",
+  "url": "https://thumbgate.ai/numbers",
   "license": "https://opensource.org/licenses/MIT",
   "creator": {
     "@type": "Person",
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.23.1</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.23.2</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
 
   <h2>Gate enforcement</h2>

package/public/pricing.html

@@ -12,6 +12,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:url" content="__APP_ORIGIN__/pricing">
 <meta property="og:image" content="/og.png">
 <link rel="canonical" href="__APP_ORIGIN__/pricing">
+<link rel="alternate" type="text/markdown" title="ThumbGate LLM context" href="__APP_ORIGIN__/llm-context.md">
 <link rel="icon" type="image/png" href="/thumbgate-icon.png">
 <link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg">
 
@@ -49,7 +50,7 @@ __GA_BOOTSTRAP__
   "@context": "https://schema.org",
   "@type": "FAQPage",
   "mainEntity": [
-    { "@type": "Question", "name": "What does Pro add over the free CLI?", "acceptedAnswer": { "@type": "Answer", "text": "Free gives you unlimited captures and 5 active rules, running entirely on your machine. Pro is the hosted layer: lesson sync across machines, a dashboard without self-hosting, managed adapter updates, unlimited rules, and DPO export. You're paying for infrastructure we run, not features we hide." } },
+    { "@type": "Question", "name": "What does Pro add over the free CLI?", "acceptedAnswer": { "@type": "Answer", "text": "Free gives you 5 captures/day and 3 active rules, running entirely on your machine. Pro is the hosted layer: unlimited captures, unlimited rules, lesson sync across machines, a dashboard without self-hosting, managed adapter updates, and DPO export. You're paying for infrastructure we run, not features we hide." } },
     { "@type": "Question", "name": "Does ThumbGate send my code to the cloud?", "acceptedAnswer": { "@type": "Answer", "text": "No. The CLI is local-first — no data leaves your machine. Pro and Team add hosted sync for dashboards and shared lessons, but your source code stays local." } },
     { "@type": "Question", "name": "When should I pick Team over Pro?", "acceptedAnswer": { "@type": "Answer", "text": "When one engineer's correction should protect the whole team. Team shares the lesson database across seats so a fix in one repo prevents the same mistake in every repo." } },
     { "@type": "Question", "name": "Can I cancel anytime?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. Pro and Team are month-to-month with a 7-day refund window on the first charge. Cancel from the billing portal and your subscription ends at the period close." } }
@@ -237,8 +238,8 @@ __GA_BOOTSTRAP__
       <div class="price">$0</div>
       <div class="price-sub">Block repeated mistakes daily. Forever free for solo devs.</div>
       <ul>
-        <li>Unlimited feedback captures — every thumbs-down, every session</li>
-        <li>Up to 5 active prevention rules</li>
+        <li>5 feedback captures/day (25 total) — enough to see the value</li>
+        <li>Up to 3 active prevention rules</li>
         <li>All MCP integrations (Claude Code, Cursor, Codex, Gemini, Amp)</li>
         <li>PreToolUse hook blocking with built-in safety checks</li>
         <li>Runs 100% local — no account, no signup, no data leaves your machine</li>
@@ -257,7 +258,7 @@ __GA_BOOTSTRAP__
         <li><strong>Hosted lesson sync</strong> — corrections follow you across machines, no manual export</li>
         <li><strong>Managed adapter matrix</strong> — we track runtime changes in Claude Code, Cursor, Codex, Gemini, Amp so you don't</li>
         <li><strong>Hosted dashboard</strong> — see every blocked action, every rule that fired, without running your own server</li>
-        <li><strong>Unlimited prevention rules</strong> — free caps at 5 auto-promoted rules</li>
+        <li><strong>Unlimited prevention rules</strong> — free caps at 3 auto-promoted rules</li>
         <li><strong>DPO + HuggingFace export</strong> — training data from your real corrections</li>
         <li><strong>Auto-connect</strong> — new agent surfaces appear automatically after setup</li>
         <li>7-day refund window. Cancel anytime.</li>
@@ -296,7 +297,7 @@ __GA_BOOTSTRAP__
     <div class="faq-list">
       <div class="faq-item">
         <div class="faq-q">What does Pro add over the free CLI?</div>
-        <div class="faq-a">Free gives you unlimited captures and 5 active rules, running entirely on your machine. Pro is the hosted layer: lesson sync across machines, a dashboard without self-hosting, managed adapter updates, unlimited rules, and DPO export. You're paying for infrastructure we run, not features we hide.</div>
+        <div class="faq-a">Free gives you 5 captures/day and 3 active rules, running entirely on your machine. Pro is the hosted layer: unlimited captures, unlimited rules, lesson sync across machines, a dashboard without self-hosting, managed adapter updates, and DPO export. You're paying for infrastructure we run, not features we hide.</div>
       </div>
       <div class="faq-item">
         <div class="faq-q">Does ThumbGate send my code to the cloud?</div>

package/public/pro.html

@@ -11,6 +11,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:type" content="website">
 <meta property="og:url" content="__APP_ORIGIN__/pro">
 <link rel="canonical" href="__APP_ORIGIN__/pro">
+<link rel="alternate" type="text/markdown" title="ThumbGate LLM context" href="__APP_ORIGIN__/llm-context.md">
 <link rel="icon" type="image/png" href="/thumbgate-icon.png">
 <link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg">
 <meta property="og:image" content="/og.png">

package/scripts/billing.js

@@ -51,6 +51,7 @@ const {
 } = require('./analytics-window');
 const { ensureParentDir } = require('./fs-utils');
 const mailer = require('./mailer');
+const { recordCheckoutFunnelEvent } = require('./plausible-server-events');
 
 function loadWorkflowSprintIntakeModule() {
   const modulePath = path.resolve(__dirname, 'workflow-sprint-intake.js');
@@ -3038,6 +3039,22 @@ async function handleWebhook(rawBody, signature) {
           attribution,
         });
       }
+      // Fire Plausible purchase event so the funnel poller can measure
+      // end-to-end conversion: visitor → CTA → checkout → email → Stripe → purchase.
+      // Fire-and-forget (never blocks the webhook response).
+      void recordCheckoutFunnelEvent('purchase', {
+        page: '/success',
+        props: {
+          sessionId: session.id,
+          customerId,
+          traceId: traceId || '',
+          packId: packId || '',
+          amount: session.amount_total != null ? String(session.amount_total) : '',
+          currency: session.currency || '',
+          ...attribution,
+        },
+      });
+
       return {
         handled: true,
         action: 'provisioned_api_key',

package/scripts/commercial-offer.js

@@ -61,10 +61,12 @@ function buildCaptureReceipt({ signal, feedbackId, memoryId, actionType } = {})
     `  Stored proof   : ${normalizedSignal} feedback${feedbackId ? ` (${feedbackId})` : ''}`,
     memoryId ? `  Local memory   : ${memoryId}` : '  Local memory   : saved locally',
     actionType ? `  Rule pressure  : ${actionType}` : '  Rule pressure  : available for promotion',
+    '  Free today     : this proof protects this local machine',
+    '  Pro sync       : keep this lesson, rule, and dashboard synced across machines and agent runtimes',
     '  Next proof     : npx thumbgate stats',
     '  Cost proof     : npx thumbgate cost',
     '',
-    `  Solo Pro       : ${PRO_PRICE_LABEL} for dashboard, search, exports, sync`,
+    `  Solo Pro       : ${PRO_PRICE_LABEL} for hosted sync, search, dashboard, and exports`,
     `  Upgrade        : ${trackedProUrl('cli_capture_receipt', actionType || normalizedSignal.toLowerCase())}`,
     `  Team path      : ${TEAM_PRICE_LABEL}; start with one repeated workflow failure`,
     '                   https://thumbgate.ai/#workflow-sprint-intake',
@@ -98,6 +100,7 @@ function buildStatsReceipt(stats = {}) {
     lines.push(`  Failure pressure   : ${negatives} negative ${pluralize(negatives, 'signal')}`);
   }
   lines.push('  Show the buyer     : npx thumbgate cost');
+  lines.push('  Pro sync value     : keep these lessons/rules visible across laptops, CI, containers, and agent runtimes');
   lines.push(`  Solo Pro           : ${trackedProUrl('cli_stats_receipt', 'proof_seen')}`);
   lines.push('  Team workflow      : https://thumbgate.ai/#workflow-sprint-intake');
   lines.push('');

package/scripts/dashboard.js

@@ -967,6 +967,20 @@ function computeAnalyticsSummary(feedbackDir, options = {}) {
   return {
     window: telemetry.window || analyticsWindow,
     telemetry,
+    firstPartyTrafficQuality: telemetry.trafficQuality || {
+      rawEvents: telemetry.totalEvents || 0,
+      externalEvents: 0,
+      excludedEvents: 0,
+      exclusionRate: 0,
+      byAudience: {},
+      byExclusionReason: {},
+      external: {
+        uniqueVisitors: 0,
+        pageViews: 0,
+        checkoutStarts: 0,
+      },
+      verdict: 'missing',
+    },
     funnel: {
       visitors: uniqueVisitors,
       sessions: telemetry.visitors ? telemetry.visitors.uniqueSessions || 0 : 0,
@@ -1149,16 +1163,42 @@ function computeInstrumentationReadiness(analytics, billing) {
   const coverage = billing && billing.coverage ? billing.coverage : {};
   const telemetry = analytics.telemetry || {};
   const visitors = telemetry.visitors || {};
+  const quality = telemetry.trafficQuality || analytics.firstPartyTrafficQuality || {};
+  const external = quality.external || {};
   const cli = telemetry.cli || {};
+  const plausibleExportConfigured = Boolean(
+    process.env.PLAUSIBLE_API_KEY && (process.env.PLAUSIBLE_SITE_ID || process.env.PLAUSIBLE_DOMAIN)
+  );
+  const posthogExportConfigured = Boolean(
+    (process.env.POSTHOG_PERSONAL_API_KEY || process.env.POSTHOG_API_KEY) && process.env.POSTHOG_PROJECT_ID
+  );
+  const ga4ExportConfigured = Boolean(
+    process.env.GA4_PROPERTY_ID && (process.env.GOOGLE_APPLICATION_CREDENTIALS || process.env.GOOGLE_CLIENT_EMAIL)
+  );
+  const dashboardGradeExportReady = plausibleExportConfigured || posthogExportConfigured || ga4ExportConfigured;
 
   return {
-    plausibleConfigured: /plausible\.io\/js\/script\.js|\/js\/analytics\.js/.test(landingPage),
+    plausibleConfigured: /plausible\.io\/js\/script(?:\.tagged-events)?\.js|\/js\/analytics\.js/.test(landingPage),
     ga4Configured: Boolean(runtimeConfig.gaMeasurementId),
     googleSearchConsoleConfigured: Boolean(runtimeConfig.googleSiteVerification),
     softwareApplicationSchemaPresent: /"@type": "SoftwareApplication"/.test(landingPage),
     faqSchemaPresent: /"@type": "FAQPage"/.test(landingPage),
     telemetryEventsPresent: (telemetry.totalEvents || 0) > 0,
     uniqueVisitorsTracked: visitors.uniqueVisitors || 0,
+    rawTelemetryEvents: quality.rawEvents || telemetry.totalEvents || 0,
+    externalTelemetryEvents: quality.externalEvents || 0,
+    excludedTelemetryEvents: quality.excludedEvents || 0,
+    externalVisitorsTracked: external.uniqueVisitors || 0,
+    externalPageViewsTracked: external.pageViews || 0,
+    externalCheckoutStartsTracked: external.checkoutStarts || 0,
+    externalVisitorPathsTracked: Array.isArray(external.visitorPaths) ? external.visitorPaths.length : 0,
+    internalTestPollutionRate: quality.exclusionRate || 0,
+    trafficQualityVerdict: quality.verdict || 'missing',
+    topExcludedTrafficReason: quality.topExclusionReason || null,
+    plausibleExportConfigured,
+    posthogExportConfigured,
+    ga4ExportConfigured,
+    dashboardGradeExportReady,
     cliInstallsTracked: cli.uniqueInstalls || 0,
     funnelEventsPresent: (analytics.reconciliation.telemetryCheckoutStarts || 0) > 0,
     seoSignalsPresent: (analytics.seo.landingViews || 0) > 0,
@@ -1865,8 +1905,10 @@ function printDashboard(data) {
   console.log('');
   console.log('\uD83D\uDCBC Growth Analytics');
   console.log(`  Unique Visitors  : ${analytics.trafficMetrics.visitors}`);
+  console.log(`  External Visitors: ${instrumentation.externalVisitorsTracked}`);
   console.log(`  Sessions         : ${analytics.trafficMetrics.sessions}`);
   console.log(`  Page Views       : ${analytics.trafficMetrics.pageViews}`);
+  console.log(`  External Views   : ${instrumentation.externalPageViewsTracked}`);
   console.log(`  CTA Clicks       : ${analytics.trafficMetrics.ctaClicks}`);
   console.log(`  Leads            : ${analytics.funnel.acquisitionLeads}`);
   console.log(`  Sprint Leads     : ${analytics.pipeline.workflowSprintLeads.total}`);
@@ -1877,6 +1919,7 @@ function printDashboard(data) {
   console.log(`  Booked Revenue   : $${(analytics.revenue.bookedRevenueCents / 100).toFixed(2)}`);
   console.log(`  Matched Journeys : ${analytics.reconciliation.matchedPaidOrders}/${analytics.reconciliation.telemetryCheckoutStarts}`);
   console.log(`  Buyer Loss       : ${analytics.buyerLoss.totalSignals}`);
+  console.log(`  Data Quality     : ${analytics.firstPartyTrafficQuality.verdict} (${instrumentation.excludedTelemetryEvents}/${instrumentation.rawTelemetryEvents} excluded)`);
   if (analytics.telemetry.visitors.topSource) {
     console.log(`  Top Source       : ${analytics.telemetry.visitors.topSource.key} (${analytics.telemetry.visitors.topSource.count}\u00D7)`);
   }
@@ -1896,6 +1939,15 @@ function printDashboard(data) {
   console.log(`  GA4              : ${instrumentation.ga4Configured ? 'configured' : 'missing'}`);
   console.log(`  Search Console   : ${instrumentation.googleSearchConsoleConfigured ? 'configured' : 'missing'}`);
   console.log(`  Telemetry Events : ${instrumentation.telemetryEventsPresent ? instrumentation.uniqueVisitorsTracked : 0} visitors`);
+  console.log(`  Clean Visitors   : ${instrumentation.externalVisitorsTracked} external (${Math.round((instrumentation.internalTestPollutionRate || 0) * 100)}% internal/test/bot events)`);
+  console.log(`  Clean Paths      : ${instrumentation.externalVisitorPathsTracked} first-party paths`);
+  if (instrumentation.topExcludedTrafficReason) {
+    console.log(`  Top Exclusion    : ${instrumentation.topExcludedTrafficReason.key} (${instrumentation.topExcludedTrafficReason.count}\u00D7)`);
+  }
+  console.log(`  Plausible Export : ${instrumentation.plausibleExportConfigured ? 'configured' : 'missing API credentials'}`);
+  console.log(`  PostHog Export   : ${instrumentation.posthogExportConfigured ? 'configured' : 'missing API credentials'}`);
+  console.log(`  GA4 Export       : ${instrumentation.ga4ExportConfigured ? 'configured' : 'missing API credentials'}`);
+  console.log(`  Visitor Paths    : ${instrumentation.dashboardGradeExportReady ? 'export-ready' : 'not dashboard-grade in repo'}`);
   console.log(`  SEO Signals      : ${instrumentation.seoSignalsPresent ? analytics.seo.landingViews : 0}`);
   console.log(`  Buyer Loss       : ${instrumentation.buyerLossSignalsPresent ? analytics.buyerLoss.totalSignals : 0}`);
   console.log(`  Attribution      : ${Math.round((instrumentation.trafficAttributionCoverage || 0) * 100)}% page-view coverage`);

package/scripts/gates-engine.js

@@ -1953,12 +1953,12 @@ function buildBlockActionProCta() {
     if (totalBlocks < 5) return null; // Too early — let them experience the product
 
     if (totalBlocks < 25) {
-      return '\n\n💡 Pro: sync rules across machines + dashboard analytics → thumbgate.ai/go/pro';
+      return '\n\n💡 Pro: keep this rule synced across laptops, CI, containers, and agent runtimes → thumbgate.ai/go/pro';
     }
     if (totalBlocks < 100) {
-      return `\n\n💡 ${totalBlocks} actions blocked. Pro keeps rules in sync everywhere → thumbgate.ai/go/pro ($19/mo)`;
+      return `\n\n💡 ${totalBlocks} actions blocked. Pro keeps these lessons/rules synced everywhere → thumbgate.ai/go/pro ($19/mo)`;
     }
-    return `\n\n💡 ${totalBlocks} mistakes caught. Your team could use this → thumbgate.ai/go/pro`;
+    return `\n\n💡 ${totalBlocks} mistakes caught. Your team could use shared hosted enforcement → thumbgate.ai/go/pro`;
   } catch (_) {
     return null;
   }

package/scripts/plausible-server-events.js

@@ -25,7 +25,7 @@
 
 const https = require('node:https');
 
-const DEFAULT_PLAUSIBLE_DOMAIN = 'thumbgate-production.up.railway.app';
+const DEFAULT_PLAUSIBLE_DOMAIN = 'thumbgate.ai';
 const PLAUSIBLE_ENDPOINT = 'https://plausible.io/api/event';
 const REQUEST_TIMEOUT_MS = 2_000;
 
@@ -142,6 +142,7 @@ const CHECKOUT_EVENT_NAMES = Object.freeze({
   view: 'Checkout Pro Viewed',
   emailSubmitted: 'Checkout Pro Email Submitted',
   stripeRedirect: 'Checkout Pro Stripe Redirect Started',
+  purchase: 'Checkout Pro Purchase Completed',
 });
 
 function recordCheckoutFunnelEvent(stage, options = {}) {

package/scripts/rate-limiter.js

@@ -12,35 +12,37 @@ const {
 const USAGE_FILE = path.join(process.env.HOME || '/tmp', '.thumbgate', 'usage-limits.json');
 
 // ──────────────────────────────────────────────────────────
-// Free tier: generous on captures (habit formation) and rules
-// (5 active gates), gated on Pro-only features (recall, search,
-// exports). Dashboard, exports, and unlimited rules drive Pro.
+// Free tier: tight enough to create upgrade pressure after
+// real usage. Captures and rules are capped so heavy users
+// hit the wall within the first week, not the first quarter.
 // ──────────────────────────────────────────────────────────
 const FREE_TIER_LIMITS = {
-  capture_feedback:   { daily: Infinity, lifetime: Infinity, label: 'feedback captures' },
-  prevention_rules:   { daily: Infinity, lifetime: Infinity, label: 'prevention rules generated' },
+  capture_feedback:   { daily: 5,        lifetime: 25,       label: 'feedback captures (5/day, 25 total on free)' },
+  prevention_rules:   { daily: 2,        lifetime: 6,        label: 'prevention rules generated (2/day on free)' },
   recall:             { daily: 0,        lifetime: 0,        label: 'recall queries (Pro only)' },
   search_lessons:     { daily: 0,        lifetime: 0,        label: 'lesson searches (Pro only)' },
   search_thumbgate:   { daily: 0,        lifetime: 0,        label: 'ThumbGate searches (Pro only)' },
   commerce_recall:    { daily: 0,        lifetime: 0,        label: 'commerce recalls (Pro only)' },
   export_dpo:         { daily: 0,        lifetime: 0,        label: 'DPO exports (Pro only)' },
   export_databricks:  { daily: 0,        lifetime: 0,        label: 'Databricks exports (Pro only)' },
-  construct_context_pack: { daily: Infinity, lifetime: Infinity, label: 'context packs' },
+  construct_context_pack: { daily: 3,    lifetime: Infinity,  label: 'context packs (3/day on free)' },
 };
 
-const FREE_TIER_MAX_GATES = 5; // 5 active prevention rules on free; Pro is unlimited
-const FREE_TIER_DAILY_BLOCKS = 10; // 10 gate blocks/day on free; after limit, deny → warn + upgrade CTA
+const FREE_TIER_MAX_GATES = 3; // 3 active prevention rules on free; Pro is unlimited
+const FREE_TIER_DAILY_BLOCKS = 3; // 3 gate blocks/day on free; after limit, deny → warn + upgrade CTA
 
 const UPGRADE_MESSAGE = `Pro: ${PRO_PRICE_LABEL} — unlimited rules, recall, lesson search, dashboard, and exports: ${PRO_MONTHLY_PAYMENT_LINK}\n  Team: ${TEAM_PRICE_LABEL} after workflow qualification.`;
 
 const PAYWALL_MESSAGES = {
-  prevention_rules: 'Free tier includes 5 active prevention rules. Promote more or unlock unlimited rules with Pro.',
+  capture_feedback: 'Free tier: 5 captures/day (25 total). Your feedback is stored locally — upgrade to capture unlimited.',
+  prevention_rules: 'Free tier includes 3 active prevention rules and 2 rule generations/day. Upgrade to Pro for unlimited rules.',
   recall: 'Recall is a Pro feature. Your past feedback is stored locally — upgrade to search and reuse it.',
   search_lessons: 'Lesson search is a Pro feature. Upgrade to find patterns in your agent\'s mistakes.',
+  construct_context_pack: 'Free tier: 3 context packs/day. Upgrade to Pro for unlimited.',
   default: 'This feature requires Pro. Start Pro — card required; billed today.',
 };
 
-const TRIAL_DAYS = 14;
+const TRIAL_DAYS = 7;
 
 function getInstallAgeDays() {
   try {
@@ -91,7 +93,8 @@ function isProTier(authContext) {
     const { isProLicensed } = require('./license');
     if (isProLicensed()) return true;
   } catch (_) {}
-  // 14-day reverse trial: new installs get full Pro access
+  // 7-day reverse trial: new installs get full Pro access, then hit a clear
+  // hosted-sync/unlimited-rules pay moment while the product is still fresh.
   if (isInTrialPeriod()) return true;
   return false;
 }
@@ -164,9 +167,10 @@ function checkLimit(action, authContext) {
 
   // Check daily limit
   if (dailyLimit !== Infinity && dailyCurrent >= dailyLimit) {
+    const paywallMsg = PAYWALL_MESSAGES[action] || PAYWALL_MESSAGES.default;
     return {
       allowed: false,
-      message: `Daily limit reached. ${UPGRADE_MESSAGE}`,
+      message: `Daily limit reached. ${paywallMsg}\n\n${UPGRADE_MESSAGE}`,
       used: dailyCurrent,
       limit: dailyLimit,
       limitType: 'daily',

package/scripts/seo-gsd.js

@@ -155,6 +155,21 @@ const HIGH_ROI_QUERY_SEEDS = [
     91,
     'Captures research-led interest in how AI systems decide which brands and tools to recommend.',
   ),
+  querySeed(
+    'ai mode ads agent governance',
+    94,
+    'Conversational Google AI Mode ad demand where ThumbGate can become the cited answer for teams asking how to govern AI-agent actions, not just buy clicks.',
+  ),
+  querySeed(
+    'mcp tool governance',
+    95,
+    'High-intent MCP buyer query where teams need approval boundaries and audit proof before exposing tools to agents.',
+  ),
+  querySeed(
+    'ai agent pre action approval gates',
+    95,
+    'Bottom-of-funnel query for teams ready to add human approval and evidence requirements before AI agents touch risky tools.',
+  ),
   {
     query: 'thumbs up thumbs down feedback for ai coding agents',
     businessValue: 95,
@@ -1362,6 +1377,51 @@ const AI_RECOMMENDATION_VISIBILITY_GUIDE_SPECS = Object.freeze([
     ],
     relatedPaths: ['/guides/ai-search-topical-presence', '/compare/mem0'],
   },
+  {
+    slug: 'ai-mode-ads-agent-governance',
+    meta: {
+      query: 'ai mode ads agent governance',
+      title: 'AI Mode Ads for Agent Governance | Turn Buyer Prompts Into ThumbGate Demand',
+      heroTitle: 'AI Mode ads make agent-governance promotion conversational',
+      heroSummary: 'Google AI Mode and conversational ad formats shift promotion from click-chasing to answer ownership. ThumbGate should show up when buyers ask how to govern Claude Code, Cursor, Codex, Gemini, MCP tools, and risky agent actions.',
+    },
+    takeaways: [
+      'Conversational ads reward brands that answer the buyer question directly before the click.',
+      'ThumbGate should own prompts about pre-action gates, MCP tool governance, repeated AI-agent mistakes, and audit proof.',
+      'The best paid-search asset is an answer page with schema, proof links, and a checkout or workflow-intake path.',
+    ],
+    sections: [
+      ['paragraphs', 'Why conversational ads change the promotion plan', [
+        'Search ads are moving toward generated answers and product recommendations inside the search conversation. A buyer may not click ten blue links before forming an opinion; the assistant-like surface may summarize the category, compare options, and mention a vendor in one flow.',
+        'That means ThumbGate promotion has to be answer-shaped. The page must say exactly what ThumbGate is, which agent-risk problem it solves, which tools it supports, and what proof a buyer can verify before starting checkout or a Workflow Hardening Sprint.',
+      ]],
+      ['bullets', 'Buyer prompts ThumbGate should target', [
+        'How do I stop Claude Code or Cursor from repeating risky mistakes?',
+        'What is the pre-action approval layer for AI coding agents?',
+        'How do teams govern MCP tools before agents call them?',
+        'How do I audit AI-agent actions before production deploys, payments, or database writes?',
+        'What tool turns thumbs-down feedback into enforceable rules?',
+      ]],
+      ['paragraphs', 'How this page should be used', [
+        'Use this page as the landing asset for AI Mode, Gemini, and high-intent search experiments. Do not send conversational-ad traffic to a generic homepage first. Send it to the answer that mirrors the buyer prompt, then route warm readers to Pro checkout, the install guide, or workflow intake depending on intent.',
+      ]],
+    ],
+    faq: [
+      [
+        'How do AI Mode ads help ThumbGate?',
+        'They favor direct, conversational answers. ThumbGate benefits when it has pages that answer specific buyer prompts about AI-agent governance, MCP tool risk, pre-action approval gates, and repeated failure prevention.',
+      ],
+      [
+        'Should ThumbGate run broad Google Ads immediately?',
+        'No. The high-ROI path is to build answer assets first, then test narrow paid search or AI Mode campaigns against exact buyer prompts where the page, schema, proof links, and checkout route all match the question.',
+      ],
+      [
+        'What is the one-sentence ad answer?',
+        'ThumbGate is the pre-action execution gate for AI agents: it checks risky tool calls before they run, turns feedback into rules, and gives teams audit proof.',
+      ],
+    ],
+    relatedPaths: ['/guides/ai-search-topical-presence', '/guides/pre-action-checks', '/guides/mcp-tool-governance'],
+  },
 ]);
 
 function buildAiRecommendationVisibilityGuide(spec) {
@@ -1952,6 +2012,112 @@ const PAGE_BLUEPRINTS = [
   },
   ...BROWSER_BRIDGE_GUIDE_SPECS.map(buildBrowserBridgeGuide),
   ...AI_RECOMMENDATION_VISIBILITY_GUIDE_SPECS.map(buildAiRecommendationVisibilityGuide),
+  {
+    query: 'mcp tool governance',
+    path: '/guides/mcp-tool-governance',
+    pageType: 'guide',
+    pillar: 'pre-action-checks',
+    title: 'MCP Tool Governance | Pre-Action Gates Before Agents Call Tools',
+    heroTitle: 'MCP tool governance before agents call real systems',
+    heroSummary: 'MCP makes tools easy for agents to discover and call. ThumbGate adds the missing governance layer: approval boundaries, evidence requirements, and audit logs before high-risk MCP tool calls execute.',
+    takeaways: [
+      'MCP adoption expands what agents can touch, so teams need a tool-call control plane.',
+      'Governance belongs before execution, not only in post-run logs or prompt rules.',
+      'ThumbGate turns feedback, policies, and evidence requirements into enforceable pre-action gates for MCP-compatible agent workflows.',
+    ],
+    sections: [
+      {
+        heading: 'Why MCP changes the risk model',
+        paragraphs: [
+          'MCP turns databases, file systems, browsers, ticketing systems, cloud APIs, and internal tools into surfaces an agent can call. That is useful, but it also means a bad plan can become a real action faster than a human reviewer can notice.',
+          'The governance question is no longer only which tools exist. It is which agent, workflow, branch, file path, command, customer record, or environment is allowed to use each tool under which proof requirements.',
+        ],
+      },
+      {
+        heading: 'What MCP tool governance needs',
+        bullets: [
+          'Tool inventory: know which tools are exposed to which agents and runtimes.',
+          'Risk tiers: classify destructive, customer-facing, production, payment, and data-export tools differently from read-only tools.',
+          'Pre-action checks: require evidence or approval before risky calls execute.',
+          'Feedback loops: turn thumbs-down reviews and incidents into reusable prevention rules.',
+          'Audit proof: log allowed, blocked, and approved tool calls with enough context for review.',
+        ],
+      },
+      {
+        heading: 'Where ThumbGate fits',
+        paragraphs: [
+          'ThumbGate sits between generated intent and executed action. The agent can still plan and propose MCP tool calls, but ThumbGate checks the call against learned lessons, policy boundaries, evidence requirements, and workflow risk before the tool runs.',
+        ],
+      },
+    ],
+    faq: [
+      {
+        question: 'What is MCP tool governance?',
+        answer: 'MCP tool governance is the policy, approval, evidence, and audit layer around tools exposed through Model Context Protocol so agents do not call high-risk systems without the right checks.',
+      },
+      {
+        question: 'How is this different from an MCP server allowlist?',
+        answer: 'An allowlist says a tool exists or is available. ThumbGate adds runtime context: tool arguments, branch, path, environment, prior feedback, evidence requirements, and whether this exact action should be allowed now.',
+      },
+      {
+        question: 'Can ThumbGate work across multiple MCP-compatible agents?',
+        answer: 'Yes. The same local-first lesson and pre-action gate pattern is designed for Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, and MCP-compatible workflows.',
+      },
+    ],
+    relatedPaths: ['/guides/pre-action-checks', '/guides/ai-mode-ads-agent-governance', '/guides/background-agent-governance'],
+  },
+  {
+    query: 'ai agent pre action approval gates',
+    path: '/guides/ai-agent-pre-action-approval-gates',
+    pageType: 'guide',
+    pillar: 'pre-action-checks',
+    title: 'AI Agent Pre-Action Approval Gates | Human Review Before Risky Tool Calls',
+    heroTitle: 'AI agent pre-action approval gates for risky tool calls',
+    heroSummary: 'Human review after the damage lands is too late. ThumbGate adds pre-action approval gates so risky AI-agent commands, deploys, file edits, API calls, and MCP tool calls can require evidence or explicit approval before execution.',
+    takeaways: [
+      'Approval gates matter most at the action boundary, where the agent is about to touch files, terminals, APIs, CI, payments, or production systems.',
+      'The right gate can block, pause for approval, or log-and-continue depending on risk.',
+      'ThumbGate converts prior thumbs-downs, workflow policies, and verification expectations into reusable approval rules.',
+    ],
+    sections: [
+      {
+        heading: 'Why approval must happen before execution',
+        paragraphs: [
+          'Many agent failures are irreversible or expensive by the time a post-run reviewer sees them: force-pushes, destructive SQL, unsafe deploys, leaked secrets, customer-facing messages, and runaway API calls.',
+          'A pre-action approval gate pauses the action while there is still something to decide. The agent keeps its speed on safe work, but risky work requires proof, policy match, or a human yes.',
+        ],
+      },
+      {
+        heading: 'Three practical gate outcomes',
+        bullets: [
+          'Block: deny known-bad actions such as force-pushing protected branches or touching secret files.',
+          'Approve: pause production deploys, schema migrations, payment actions, or customer-facing sends until a human approves.',
+          'Log: allow lower-risk actions while preserving audit evidence for review and future lessons.',
+        ],
+      },
+      {
+        heading: 'How ThumbGate turns approvals into learning',
+        paragraphs: [
+          'Every approval, block, and thumbs-down gives the system better operating context. Repeated failures become prevention rules, accepted safe paths become reinforced lessons, and the audit trail gives teams evidence that the boundary fired before execution.',
+        ],
+      },
+    ],
+    faq: [
+      {
+        question: 'What should require a pre-action approval gate?',
+        answer: 'Production deploys, destructive database actions, protected-branch writes, payment or refund actions, customer-facing sends, secret or PII access, high-cost API calls, and any repeated failure pattern the team has already corrected once.',
+      },
+      {
+        question: 'Do approval gates slow every agent action down?',
+        answer: 'No. Good gates are risk-tiered. Safe actions can continue, uncertain actions can be logged, risky actions can pause for approval, and known-bad actions can be blocked.',
+      },
+      {
+        question: 'How does ThumbGate know what to block?',
+        answer: 'ThumbGate uses explicit feedback, learned lessons, policy templates, command and path context, evidence requirements, and prior gate outcomes to decide whether the proposed action should proceed.',
+      },
+    ],
+    relatedPaths: ['/guides/pre-action-checks', '/guides/mcp-tool-governance', '/guides/ai-agent-governance-sprint'],
+  },
   guideBlueprint({
     query: 'autoresearch agent safety',
     path: '/guides/autoresearch-agent-safety',
@@ -2756,7 +2922,7 @@ function renderSeoPageHtml(page, runtimeConfig = {}) {
   <meta property="og:type" content="article" />
   <meta property="og:url" content="${escapeHtml(canonicalUrl)}" />
   <link rel="canonical" href="${escapeHtml(canonicalUrl)}" />
-  <link rel="llm-context" href="/public/llm-context.md" type="text/markdown" />
+  <link rel="llm-context" href="/llm-context.md" type="text/markdown" />
   <link rel="icon" type="image/svg+xml" href="/thumbgate-icon.png" />
   <link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg" />
   <meta property="og:image" content="/og.png" />