thumbgate 1.23.1 → 1.23.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (40) hide show
  1. package/.claude-plugin/marketplace.json +5 -5
  2. package/.claude-plugin/plugin.json +2 -2
  3. package/.well-known/llms.txt +26 -11
  4. package/.well-known/mcp/server-card.json +8 -8
  5. package/README.md +69 -34
  6. package/adapters/claude/.mcp.json +2 -2
  7. package/adapters/mcp/server-stdio.js +1 -1
  8. package/adapters/opencode/opencode.json +1 -1
  9. package/bin/cli.js +39 -16
  10. package/bin/postinstall.js +11 -22
  11. package/config/gate-templates.json +72 -0
  12. package/config/github-about.json +1 -1
  13. package/config/post-deploy-marketing-pages.json +6 -1
  14. package/package.json +5 -5
  15. package/public/agent-manager.html +3 -3
  16. package/public/agents-cost-savings.html +3 -3
  17. package/public/ai-malpractice-prevention.html +278 -7
  18. package/public/blog.html +3 -3
  19. package/public/codex-enterprise.html +3 -3
  20. package/public/codex-plugin.html +4 -4
  21. package/public/compare.html +6 -6
  22. package/public/dashboard.html +211 -126
  23. package/public/guide.html +5 -5
  24. package/public/index.html +156 -47
  25. package/public/learn.html +24 -10
  26. package/public/lessons.html +2 -2
  27. package/public/numbers.html +6 -6
  28. package/public/pricing.html +6 -5
  29. package/public/pro.html +1 -0
  30. package/scripts/billing.js +17 -0
  31. package/scripts/commercial-offer.js +4 -1
  32. package/scripts/dashboard.js +53 -1
  33. package/scripts/gates-engine.js +3 -3
  34. package/scripts/plausible-server-events.js +2 -1
  35. package/scripts/rate-limiter.js +16 -12
  36. package/scripts/seo-gsd.js +167 -1
  37. package/scripts/telemetry-analytics.js +310 -0
  38. package/scripts/visitor-journey.js +172 -0
  39. package/src/api/server.js +65 -29
  40. package/adapters/chatgpt/openapi.yaml +0 -1705
package/adapters/chatgpt/openapi.yaml DELETED
@@ -1,1705 +0,0 @@
1
- openapi: 3.1.0
2
- info:
3
- title: ThumbGate API
4
- version: 1.2.0
5
- description: |
6
- Production API for feedback capture, schema-validated memory promotion,
7
- prevention rule generation, and DPO export.
8
- Bare up/down signals are logged immediately, but the API returns
9
- clarification_required until one sentence explains what worked or failed.
10
- When the explanation is specific enough, ThumbGate infers a domain tag if
11
- the caller omitted manual tags so the feedback can still promote cleanly.
12
- servers:
13
- - url: https://thumbgate-production.up.railway.app
14
- security:
15
- - bearerAuth: []
16
- components:
17
- securitySchemes:
18
- bearerAuth:
19
- type: http
20
- scheme: bearer
21
- bearerFormat: API Key
22
- schemas:
23
- RubricScore:
24
- type: object
25
- required: [criterion, score]
26
- properties:
27
- criterion:
28
- type: string
29
- score:
30
- type: number
31
- minimum: 1
32
- maximum: 5
33
- evidence:
34
- type: string
35
- judge:
36
- type: string
37
- CaptureFeedbackRequest:
38
- type: object
39
- required: [signal]
40
- properties:
41
- signal:
42
- type: string
43
- enum: [up, down, positive, negative]
44
- context:
45
- type: string
46
- description: One-sentence reason describing what worked or failed
47
- whatWentWrong:
48
- type: string
49
- whatToChange:
50
- type: string
51
- whatWorked:
52
- type: string
53
- rubricScores:
54
- type: array
55
- items:
56
- $ref: '#/components/schemas/RubricScore'
57
- guardrails:
58
- type: object
59
- properties:
60
- testsPassed:
61
- type: boolean
62
- pathSafety:
63
- type: boolean
64
- budgetCompliant:
65
- type: boolean
66
- tags:
67
- oneOf:
68
- - type: array
69
- items:
70
- type: string
71
- - type: string
72
- description: Optional domain tags. If omitted, ThumbGate infers one from the feedback text before promotion.
73
- skill:
74
- type: string
75
- source:
76
- type: string
77
- enum: [chatgpt_gpt]
78
- default: chatgpt_gpt
79
- description: Attribution marker for ThumbGate analytics. The published ThumbGate GPT should send `chatgpt_gpt` so owner dashboards can distinguish GPT Action calls from local API calls.
80
- IntentPlanRequest:
81
- type: object
82
- required: [intentId]
83
- properties:
84
- intentId:
85
- type: string
86
- context:
87
- type: string
88
- mcpProfile:
89
- type: string
90
- bundleId:
91
- type: string
92
- partnerProfile:
93
- type: string
94
- delegationMode:
95
- type: string
96
- enum: [off, auto, sequential]
97
- approved:
98
- type: boolean
99
- repoPath:
100
- type: string
101
- InternalAgentBootstrapRequest:
102
- type: object
103
- required: [source]
104
- properties:
105
- source:
106
- type: string
107
- enum: [github, slack, linear, api, cli]
108
- repoPath:
109
- type: string
110
- prepareSandbox:
111
- type: boolean
112
- sandboxRoot:
113
- type: string
114
- intentId:
115
- type: string
116
- context:
117
- type: string
118
- mcpProfile:
119
- type: string
120
- partnerProfile:
121
- type: string
122
- delegationMode:
123
- type: string
124
- enum: [off, auto, sequential]
125
- approved:
126
- type: boolean
127
- trigger:
128
- type: object
129
- properties:
130
- type:
131
- type: string
132
- id:
133
- type: string
134
- url:
135
- type: string
136
- actor:
137
- type: string
138
- thread:
139
- type: object
140
- properties:
141
- id:
142
- type: string
143
- title:
144
- type: string
145
- url:
146
- type: string
147
- task:
148
- type: object
149
- properties:
150
- title:
151
- type: string
152
- body:
153
- type: string
154
- number:
155
- type: string
156
- branch:
157
- type: string
158
- labels:
159
- type: array
160
- items:
161
- type: string
162
- comments:
163
- type: array
164
- items:
165
- type: object
166
- properties:
167
- author:
168
- type: string
169
- text:
170
- type: string
171
- timestamp:
172
- type: string
173
- messages:
174
- type: array
175
- items:
176
- type: object
177
- properties:
178
- author:
179
- type: string
180
- text:
181
- type: string
182
- timestamp:
183
- type: string
184
- HandoffStartRequest:
185
- type: object
186
- required: [intentId]
187
- properties:
188
- intentId:
189
- type: string
190
- context:
191
- type: string
192
- mcpProfile:
193
- type: string
194
- bundleId:
195
- type: string
196
- partnerProfile:
197
- type: string
198
- approved:
199
- type: boolean
200
- repoPath:
201
- type: string
202
- delegateProfile:
203
- type: string
204
- plannedChecks:
205
- type: array
206
- items:
207
- type: string
208
- HandoffCompleteRequest:
209
- type: object
210
- required: [handoffId, outcome]
211
- properties:
212
- handoffId:
213
- type: string
214
- outcome:
215
- type: string
216
- enum: [accepted, rejected, aborted]
217
- resultContext:
218
- type: string
219
- attempts:
220
- type: number
221
- violationCount:
222
- type: number
223
- tokenEstimate:
224
- type: number
225
- latencyMs:
226
- type: number
227
- summary:
228
- type: string
229
- BillingCheckoutRequest:
230
- type: object
231
- properties:
232
- successUrl:
233
- type: string
234
- format: uri
235
- cancelUrl:
236
- type: string
237
- format: uri
238
- customerEmail:
239
- type: string
240
- format: email
241
- installId:
242
- type: string
243
- metadata:
244
- type: object
245
- additionalProperties:
246
- type: string
247
- BillingProvisionRequest:
248
- type: object
249
- required: [customerId]
250
- properties:
251
- customerId:
252
- type: string
253
- installId:
254
- type: string
255
- WorkflowSprintIntakeRequest:
256
- type: object
257
- required: [email, workflow, owner, blocker, runtime]
258
- properties:
259
- email:
260
- type: string
261
- format: email
262
- company:
263
- type: string
264
- workflow:
265
- type: string
266
- owner:
267
- type: string
268
- blocker:
269
- type: string
270
- runtime:
271
- type: string
272
- note:
273
- type: string
274
- acquisitionId:
275
- type: string
276
- visitorId:
277
- type: string
278
- sessionId:
279
- type: string
280
- traceId:
281
- type: string
282
- installId:
283
- type: string
284
- source:
285
- type: string
286
- utmSource:
287
- type: string
288
- utmMedium:
289
- type: string
290
- utmCampaign:
291
- type: string
292
- utmContent:
293
- type: string
294
- utmTerm:
295
- type: string
296
- community:
297
- type: string
298
- postId:
299
- type: string
300
- commentId:
301
- type: string
302
- campaignVariant:
303
- type: string
304
- offerCode:
305
- type: string
306
- ctaId:
307
- type: string
308
- ctaPlacement:
309
- type: string
310
- planId:
311
- type: string
312
- page:
313
- type: string
314
- landingPath:
315
- type: string
316
- referrerHost:
317
- type: string
318
- referrer:
319
- type: string
320
- WorkflowSprintIntakeResponse:
321
- type: object
322
- properties:
323
- ok:
324
- type: boolean
325
- leadId:
326
- type: string
327
- status:
328
- type: string
329
- offer:
330
- type: string
331
- nextStep:
332
- type: string
333
- proofPackUrl:
334
- type: string
335
- format: uri
336
- sprintBriefUrl:
337
- type: string
338
- format: uri
339
- WorkflowSprintAdvanceRequest:
340
- type: object
341
- required: [leadId, status]
342
- properties:
343
- leadId:
344
- type: string
345
- status:
346
- type: string
347
- enum: [new, qualified, named_pilot, proof_backed_run, paid_team]
348
- actor:
349
- type: string
350
- note:
351
- type: string
352
- reviewedBy:
353
- type: string
354
- workflowId:
355
- type: string
356
- teamId:
357
- type: string
358
- proofArtifacts:
359
- type: array
360
- items:
361
- type: string
362
- WorkflowSprintAdvanceResponse:
363
- type: object
364
- properties:
365
- ok:
366
- type: boolean
367
- unchanged:
368
- type: boolean
369
- lead:
370
- type: object
371
- additionalProperties: true
372
- workflowRun:
373
- type: object
374
- nullable: true
375
- additionalProperties: true
376
- FunnelAnalyticsResponse:
377
- type: object
378
- properties:
379
- totalEvents:
380
- type: integer
381
- stageCounts:
382
- type: object
383
- properties:
384
- acquisition:
385
- type: integer
386
- activation:
387
- type: integer
388
- paid:
389
- type: integer
390
- eventCounts:
391
- type: object
392
- additionalProperties:
393
- type: integer
394
- conversionRates:
395
- type: object
396
- properties:
397
- acquisitionToActivation:
398
- type: number
399
- activationToPaid:
400
- type: number
401
- acquisitionToPaid:
402
- type: number
403
- paidProviderEvents:
404
- type: integer
405
- BillingSummaryResponse:
406
- type: object
407
- properties:
408
- generatedAt:
409
- type: string
410
- format: date-time
411
- coverage:
412
- type: object
413
- properties:
414
- source:
415
- type: string
416
- tracksBookedRevenue:
417
- type: boolean
418
- tracksPaidOrders:
419
- type: boolean
420
- tracksInvoices:
421
- type: boolean
422
- tracksAttribution:
423
- type: boolean
424
- providerCoverage:
425
- type: object
426
- additionalProperties:
427
- type: string
428
- funnel:
429
- allOf:
430
- - $ref: '#/components/schemas/FunnelAnalyticsResponse'
431
- - type: object
432
- properties:
433
- uniqueAcquisitionLeads:
434
- type: integer
435
- uniquePaidCustomers:
436
- type: integer
437
- firstPaidAt:
438
- type: string
439
- nullable: true
440
- lastPaidAt:
441
- type: string
442
- nullable: true
443
- lastPaidEvent:
444
- type: object
445
- nullable: true
446
- properties:
447
- timestamp:
448
- type: string
449
- nullable: true
450
- event:
451
- type: string
452
- nullable: true
453
- evidence:
454
- type: string
455
- nullable: true
456
- customerId:
457
- type: string
458
- nullable: true
459
- traceId:
460
- type: string
461
- nullable: true
462
- signups:
463
- type: object
464
- properties:
465
- total:
466
- type: integer
467
- uniqueLeads:
468
- type: integer
469
- bySource:
470
- type: object
471
- additionalProperties:
472
- type: integer
473
- byCampaign:
474
- type: object
475
- additionalProperties:
476
- type: integer
477
- pipeline:
478
- type: object
479
- properties:
480
- workflowSprintLeads:
481
- type: object
482
- properties:
483
- total:
484
- type: integer
485
- bySource:
486
- type: object
487
- additionalProperties:
488
- type: integer
489
- qualifiedWorkflowSprintLeads:
490
- type: object
491
- properties:
492
- total:
493
- type: integer
494
- bySource:
495
- type: object
496
- additionalProperties:
497
- type: integer
498
- revenue:
499
- type: object
500
- properties:
501
- paidProviderEvents:
502
- type: integer
503
- paidOrders:
504
- type: integer
505
- paidCustomers:
506
- type: integer
507
- bookedRevenueCents:
508
- type: integer
509
- bookedRevenueByCurrency:
510
- type: object
511
- additionalProperties:
512
- type: integer
513
- amountKnownOrders:
514
- type: integer
515
- amountUnknownOrders:
516
- type: integer
517
- amountKnownCoverageRate:
518
- type: number
519
- unreconciledPaidEvents:
520
- type: integer
521
- latestPaidAt:
522
- type: string
523
- nullable: true
524
- latestPaidOrder:
525
- type: object
526
- nullable: true
527
- properties:
528
- timestamp:
529
- type: string
530
- nullable: true
531
- provider:
532
- type: string
533
- nullable: true
534
- event:
535
- type: string
536
- nullable: true
537
- orderId:
538
- type: string
539
- nullable: true
540
- customerId:
541
- type: string
542
- nullable: true
543
- amountCents:
544
- type: integer
545
- nullable: true
546
- currency:
547
- type: string
548
- nullable: true
549
- amountKnown:
550
- type: boolean
551
- byProvider:
552
- type: object
553
- additionalProperties:
554
- type: object
555
- properties:
556
- paidOrders:
557
- type: integer
558
- bookedRevenueCents:
559
- type: integer
560
- amountKnownOrders:
561
- type: integer
562
- amountUnknownOrders:
563
- type: integer
564
- bookedRevenueByCurrency:
565
- type: object
566
- additionalProperties:
567
- type: integer
568
- attribution:
569
- type: object
570
- properties:
571
- acquisitionBySource:
572
- type: object
573
- additionalProperties:
574
- type: integer
575
- acquisitionByCampaign:
576
- type: object
577
- additionalProperties:
578
- type: integer
579
- paidBySource:
580
- type: object
581
- additionalProperties:
582
- type: integer
583
- paidByCampaign:
584
- type: object
585
- additionalProperties:
586
- type: integer
587
- bookedRevenueBySourceCents:
588
- type: object
589
- additionalProperties:
590
- type: integer
591
- bookedRevenueByCampaignCents:
592
- type: object
593
- additionalProperties:
594
- type: integer
595
- conversionBySource:
596
- type: object
597
- additionalProperties:
598
- type: number
599
- conversionByCampaign:
600
- type: object
601
- additionalProperties:
602
- type: number
603
- keys:
604
- type: object
605
- properties:
606
- total:
607
- type: integer
608
- active:
609
- type: integer
610
- disabled:
611
- type: integer
612
- activeCustomers:
613
- type: integer
614
- totalUsage:
615
- type: integer
616
- bySource:
617
- type: object
618
- additionalProperties:
619
- type: integer
620
- activeBySource:
621
- type: object
622
- additionalProperties:
623
- type: integer
624
- customers:
625
- type: array
626
- items:
627
- type: object
628
- properties:
629
- customerId:
630
- type: string
631
- activeKeys:
632
- type: integer
633
- totalKeys:
634
- type: integer
635
- usageCount:
636
- type: integer
637
- source:
638
- type: string
639
- installId:
640
- type: string
641
- nullable: true
642
- createdAt:
643
- type: string
644
- nullable: true
645
- disabledAt:
646
- type: string
647
- nullable: true
648
- trafficMetrics:
649
- type: object
650
- properties:
651
- visitors:
652
- type: integer
653
- sessions:
654
- type: integer
655
- pageViews:
656
- type: integer
657
- ctaClicks:
658
- type: integer
659
- checkoutStarts:
660
- type: integer
661
- buyerLossFeedback:
662
- type: integer
663
- seoLandingViews:
664
- type: integer
665
- operatorGeneratedAcquisition:
666
- type: object
667
- properties:
668
- totalEvents:
669
- type: integer
670
- uniqueLeads:
671
- type: integer
672
- bySource:
673
- type: object
674
- additionalProperties:
675
- type: integer
676
- dataQuality:
677
- type: object
678
- properties:
679
- telemetryCoverage:
680
- type: number
681
- attributionCoverage:
682
- type: number
683
- amountKnownCoverage:
684
- type: number
685
- unreconciledPaidEvents:
686
- type: integer
687
- paths:
688
- /healthz:
689
- get:
690
- operationId: healthz
691
- responses:
692
- '200':
693
- description: Service health
694
- '401':
695
- description: Unauthorized
696
- /v1/feedback/capture:
697
- post:
698
- operationId: captureFeedback
699
- requestBody:
700
- required: true
701
- content:
702
- application/json:
703
- schema:
704
- $ref: '#/components/schemas/CaptureFeedbackRequest'
705
- responses:
706
- '200':
707
- description: Feedback accepted and promoted to memory
708
- '422':
709
- description: Feedback logged only; clarification required or promotion rejected
710
- '401':
711
- description: Unauthorized
712
- /v1/feedback/stats:
713
- get:
714
- operationId: getFeedbackStats
715
- responses:
716
- '200':
717
- description: Aggregated feedback statistics
718
- '401':
719
- description: Unauthorized
720
- /v1/feedback/infer:
721
- post:
722
- operationId: inferLessonFromHistory
723
- requestBody:
724
- required: true
725
- content:
726
- application/json:
727
- schema:
728
- $ref: '#/components/schemas/InferLessonRequest'
729
- responses:
730
- '200':
731
- description: Distilled lesson from chat history
732
- '401':
733
- description: Unauthorized
734
- /v1/telemetry/ping:
735
- post:
736
- operationId: recordTelemetryPing
737
- requestBody:
738
- required: false
739
- content:
740
- application/json:
741
- schema:
742
- type: object
743
- additionalProperties: true
744
- responses:
745
- '204':
746
- description: Telemetry accepted on a best-effort basis
747
- /v1/analytics/funnel:
748
- get:
749
- operationId: getFunnelAnalytics
750
- responses:
751
- '200':
752
- description: Acquisition/activation/paid funnel metrics from append-only ledger
753
- content:
754
- application/json:
755
- schema:
756
- $ref: '#/components/schemas/FunnelAnalyticsResponse'
757
- '401':
758
- description: Unauthorized
759
- /v1/analytics/losses:
760
- get:
761
- operationId: getLossAnalytics
762
- parameters:
763
- - in: query
764
- name: window
765
- schema:
766
- type: string
767
- enum: [today, 7d, 30d, lifetime]
768
- - in: query
769
- name: timezone
770
- schema:
771
- type: string
772
- - in: query
773
- name: now
774
- schema:
775
- type: string
776
- format: date-time
777
- responses:
778
- '200':
779
- description: Ranked buyer-loss and revenue-opportunity analysis for the active analytics window
780
- content:
781
- application/json:
782
- schema:
783
- type: object
784
- additionalProperties: true
785
- '401':
786
- description: Unauthorized
787
- /v1/dashboard:
788
- get:
789
- operationId: getDashboard
790
- parameters:
791
- - in: query
792
- name: window
793
- schema:
794
- type: string
795
- enum: [today, 7d, 30d, lifetime]
796
- - in: query
797
- name: timezone
798
- schema:
799
- type: string
800
- - in: query
801
- name: now
802
- schema:
803
- type: string
804
- format: date-time
805
- responses:
806
- '200':
807
- description: Full ThumbGate dashboard with feedback, telemetry, funnel, and observability analytics
808
- content:
809
- application/json:
810
- schema:
811
- type: object
812
- additionalProperties: true
813
- '401':
814
- description: Unauthorized
815
- /v1/dashboard/review-state:
816
- get:
817
- operationId: getDashboardReviewState
818
- responses:
819
- '200':
820
- description: Persisted dashboard review checkpoint and the current delta since that checkpoint
821
- content:
822
- application/json:
823
- schema:
824
- type: object
825
- additionalProperties: true
826
- '401':
827
- description: Unauthorized
828
- post:
829
- operationId: markDashboardReviewed
830
- responses:
831
- '200':
832
- description: Persist and return the current dashboard review checkpoint
833
- content:
834
- application/json:
835
- schema:
836
- type: object
837
- additionalProperties: true
838
- '401':
839
- description: Unauthorized
840
- /v1/dashboard/render-spec:
841
- get:
842
- operationId: getDashboardRenderSpec
843
- parameters:
844
- - in: query
845
- name: view
846
- schema:
847
- type: string
848
- enum: [team-review, incident-review, workflow-rollout]
849
- - in: query
850
- name: window
851
- schema:
852
- type: string
853
- enum: [today, 7d, 30d, lifetime]
854
- - in: query
855
- name: timezone
856
- schema:
857
- type: string
858
- - in: query
859
- name: now
860
- schema:
861
- type: string
862
- format: date-time
863
- responses:
864
- '200':
865
- description: Constrained JSON render spec for hosted Team and operations dashboard views
866
- content:
867
- application/json:
868
- schema:
869
- type: object
870
- additionalProperties: true
871
- '400':
872
- description: Invalid dashboard render view or query
873
- '401':
874
- description: Unauthorized
875
- /v1/decisions/evaluate:
876
- post:
877
- operationId: evaluateDecision
878
- requestBody:
879
- required: true
880
- content:
881
- application/json:
882
- schema:
883
- type: object
884
- properties:
885
- toolName:
886
- type: string
887
- description: Tool name is optional when provider-native tool call payload is supplied.
888
- source:
889
- type: string
890
- enum: [chatgpt_gpt]
891
- default: chatgpt_gpt
892
- description: Attribution marker for ThumbGate analytics. The published ThumbGate GPT should send `chatgpt_gpt` so owner dashboards can distinguish GPT Action calls from local API calls.
893
- provider:
894
- type: string
895
- model:
896
- type: string
897
- providerToolCall:
898
- type: object
899
- additionalProperties: true
900
- toolCall:
901
- type: object
902
- additionalProperties: true
903
- toolUse:
904
- type: object
905
- additionalProperties: true
906
- content:
907
- type: array
908
- items:
909
- type: object
910
- additionalProperties: true
911
- input:
912
- type: object
913
- additionalProperties: true
914
- arguments:
915
- type: object
916
- additionalProperties: true
917
- method:
918
- type: string
919
- params:
920
- type: object
921
- additionalProperties: true
922
- mcp:
923
- type: object
924
- additionalProperties: true
925
- mcpToolCall:
926
- type: object
927
- additionalProperties: true
928
- usage:
929
- type: object
930
- additionalProperties: true
931
- tokenEstimate:
932
- type: number
933
- costUsd:
934
- type: number
935
- budget:
936
- type: object
937
- additionalProperties: true
938
- workflowPattern:
939
- type: string
940
- enum: [single_action, chaining, routing, parallelization, evaluator-optimizer, agent]
941
- workflow:
942
- type: object
943
- additionalProperties: true
944
- goal:
945
- type: string
946
- tools:
947
- type: array
948
- items:
949
- type: string
950
- branches:
951
- type: array
952
- items:
953
- type: string
954
- steps:
955
- type: array
956
- items:
957
- type: string
958
- routes:
959
- type: array
960
- items:
961
- type: string
962
- command:
963
- type: string
964
- filePath:
965
- type: string
966
- changedFiles:
967
- type: array
968
- items:
969
- type: string
970
- repoPath:
971
- type: string
972
- baseBranch:
973
- type: string
974
- requirePrForReleaseSensitive:
975
- type: boolean
976
- requireVersionNotBehindBase:
977
- type: boolean
978
- workflowDispatch:
979
- type: object
980
- description: Evidence required before running `gh workflow run` or another environment-specific workflow dispatch.
981
- properties:
982
- environment:
983
- type: string
984
- description: Requested environment such as dev, staging, beta, or release.
985
- workflow:
986
- type: string
987
- description: Expected workflow file or workflow name.
988
- ref:
989
- type: string
990
- description: Expected branch or ref passed to the workflow dispatch command.
991
- sha:
992
- type: string
993
- description: Expected HEAD SHA to verify before and after dispatch.
994
- job:
995
- type: string
996
- description: Expected job name to verify before reporting the workflow URL.
997
- responses:
998
- '200':
999
- description: Persisted workflow-sentinel recommendation with decision-control metadata and actionId
1000
- content:
1001
- application/json:
1002
- schema:
1003
- type: object
1004
- additionalProperties: true
1005
- '400':
1006
- description: Invalid decision evaluation request
1007
- '401':
1008
- description: Unauthorized
1009
- /v1/decisions/outcome:
1010
- post:
1011
- operationId: recordDecisionOutcome
1012
- requestBody:
1013
- required: true
1014
- content:
1015
- application/json:
1016
- schema:
1017
- type: object
1018
- required: [actionId, outcome]
1019
- properties:
1020
- actionId:
1021
- type: string
1022
- outcome:
1023
- type: string
1024
- actualDecision:
1025
- type: string
1026
- actor:
1027
- type: string
1028
- notes:
1029
- type: string
1030
- latencyMs:
1031
- type: number
1032
- metadata:
1033
- type: object
1034
- additionalProperties: true
1035
- responses:
1036
- '200':
1037
- description: Recorded a decision override, rollback, completion, or block outcome
1038
- content:
1039
- application/json:
1040
- schema:
1041
- type: object
1042
- additionalProperties: true
1043
- '400':
1044
- description: Invalid decision outcome request
1045
- '401':
1046
- description: Unauthorized
1047
- /v1/decisions/metrics:
1048
- get:
1049
- operationId: getDecisionMetrics
1050
- responses:
1051
- '200':
1052
- description: Decision-loop metrics derived from recorded evaluations and outcomes
1053
- content:
1054
- application/json:
1055
- schema:
1056
- type: object
1057
- additionalProperties: true
1058
- '401':
1059
- description: Unauthorized
1060
- /v1/settings/status:
1061
- get:
1062
- operationId: getSettingsStatus
1063
- responses:
1064
- '200':
1065
- description: Resolved settings hierarchy with per-field origin metadata for managed, user, project, and local scopes
1066
- content:
1067
- application/json:
1068
- schema:
1069
- type: object
1070
- additionalProperties: true
1071
- '401':
1072
- description: Unauthorized
1073
- /v1/billing/summary:
1074
- get:
1075
- operationId: getBillingSummary
1076
- responses:
1077
- '200':
1078
- description: Admin-only business summary from the funnel ledger, revenue ledger, and key store
1079
- content:
1080
- application/json:
1081
- schema:
1082
- $ref: '#/components/schemas/BillingSummaryResponse'
1083
- '401':
1084
- description: Unauthorized
1085
- '403':
1086
- description: Forbidden
1087
- /v1/intake/workflow-sprint:
1088
- post:
1089
- operationId: submitWorkflowSprintIntake
1090
- requestBody:
1091
- required: true
1092
- content:
1093
- application/json:
1094
- schema:
1095
- $ref: '#/components/schemas/WorkflowSprintIntakeRequest'
1096
- responses:
1097
- '201':
1098
- description: Workflow Hardening Sprint lead accepted
1099
- content:
1100
- application/json:
1101
- schema:
1102
- $ref: '#/components/schemas/WorkflowSprintIntakeResponse'
1103
- '400':
1104
- description: Invalid sprint intake request
1105
- /v1/intake/workflow-sprint/advance:
1106
- post:
1107
- operationId: advanceWorkflowSprintLead
1108
- requestBody:
1109
- required: true
1110
- content:
1111
- application/json:
1112
- schema:
1113
- $ref: '#/components/schemas/WorkflowSprintAdvanceRequest'
1114
- responses:
1115
- '200':
1116
- description: Workflow Hardening Sprint lead advanced to the next state
1117
- content:
1118
- application/json:
1119
- schema:
1120
- $ref: '#/components/schemas/WorkflowSprintAdvanceResponse'
1121
- '400':
1122
- description: Invalid sprint advancement request
1123
- '403':
1124
- description: Forbidden
1125
- /v1/intents/catalog:
1126
- get:
1127
- operationId: listIntentCatalog
1128
- parameters:
1129
- - in: query
1130
- name: mcpProfile
1131
- schema:
1132
- type: string
1133
- - in: query
1134
- name: bundleId
1135
- schema:
1136
- type: string
1137
- - in: query
1138
- name: partnerProfile
1139
- schema:
1140
- type: string
1141
- responses:
1142
- '200':
1143
- description: Intent catalog with risk and checkpoint metadata
1144
- '401':
1145
- description: Unauthorized
1146
- /v1/intents/plan:
1147
- post:
1148
- operationId: planIntent
1149
- requestBody:
1150
- required: true
1151
- content:
1152
- application/json:
1153
- schema:
1154
- $ref: '#/components/schemas/IntentPlanRequest'
1155
- responses:
1156
- '200':
1157
- description: Policy-scoped intent execution plan
1158
- '400':
1159
- description: Invalid intent request
1160
- '401':
1161
- description: Unauthorized
1162
- /v1/handoffs/start:
1163
- post:
1164
- operationId: startHandoff
1165
- requestBody:
1166
- required: true
1167
- content:
1168
- application/json:
1169
- schema:
1170
- $ref: '#/components/schemas/HandoffStartRequest'
1171
- responses:
1172
- '200':
1173
- description: Sequential handoff started
1174
- '400':
1175
- description: Invalid handoff request
1176
- '401':
1177
- description: Unauthorized
1178
- /v1/handoffs/complete:
1179
- post:
1180
- operationId: completeHandoff
1181
- requestBody:
1182
- required: true
1183
- content:
1184
- application/json:
1185
- schema:
1186
- $ref: '#/components/schemas/HandoffCompleteRequest'
1187
- responses:
1188
- '200':
1189
- description: Sequential handoff completed
1190
- '400':
1191
- description: Invalid handoff completion request
1192
- '401':
1193
- description: Unauthorized
1194
- /v1/internal-agent/bootstrap:
1195
- post:
1196
- operationId: bootstrapInternalAgent
1197
- requestBody:
1198
- required: true
1199
- content:
1200
- application/json:
1201
- schema:
1202
- $ref: '#/components/schemas/InternalAgentBootstrapRequest'
1203
- responses:
1204
- '200':
1205
- description: Normalized trigger context, recall pack, sandbox, and reviewer-ready execution plan
1206
- '400':
1207
- description: Invalid internal-agent bootstrap request
1208
- '401':
1209
- description: Unauthorized
1210
- /v1/feedback/summary:
1211
- get:
1212
- operationId: getFeedbackSummary
1213
- parameters:
1214
- - in: query
1215
- name: recent
1216
- schema:
1217
- type: integer
1218
- default: 20
1219
- responses:
1220
- '200':
1221
- description: Feedback summary text
1222
- '401':
1223
- description: Unauthorized
1224
- /v1/lessons/search:
1225
- get:
1226
- operationId: searchLessons
1227
- parameters:
1228
- - in: query
1229
- name: q
1230
- schema:
1231
- type: string
1232
- description: Search query. Leave empty to list recent lessons.
1233
- - in: query
1234
- name: limit
1235
- schema:
1236
- type: integer
1237
- default: 10
1238
- - in: query
1239
- name: category
1240
- schema:
1241
- type: string
1242
- enum: [error, learning, preference]
1243
- - in: query
1244
- name: tags
1245
- schema:
1246
- type: string
1247
- description: Comma-separated tags that must all be present on a lesson.
1248
- responses:
1249
- '200':
1250
- description: Searchable promoted lessons with linked corrective actions, prevention rules, and auto-promoted checks
1251
- '401':
1252
- description: Unauthorized
1253
- /v1/search:
1254
- get:
1255
- operationId: searchThumbgate
1256
- parameters:
1257
- - in: query
1258
- name: q
1259
- schema:
1260
- type: string
1261
- description: Search query for raw ThumbGate state.
1262
- - in: query
1263
- name: limit
1264
- schema:
1265
- type: integer
1266
- default: 10
1267
- - in: query
1268
- name: source
1269
- schema:
1270
- type: string
1271
- enum: [all, feedback, context, rules]
1272
- default: all
1273
- - in: query
1274
- name: signal
1275
- schema:
1276
- type: string
1277
- enum: [up, down, positive, negative]
1278
- responses:
1279
- '200':
1280
- description: Search results across feedback logs, ContextFS, and prevention rules
1281
- '401':
1282
- description: Unauthorized
1283
- post:
1284
- operationId: searchThumbgatePost
1285
- requestBody:
1286
- required: true
1287
- content:
1288
- application/json:
1289
- schema:
1290
- type: object
1291
- properties:
1292
- query:
1293
- type: string
1294
- q:
1295
- type: string
1296
- limit:
1297
- type: integer
1298
- default: 10
1299
- source:
1300
- type: string
1301
- enum: [all, feedback, context, rules]
1302
- default: all
1303
- signal:
1304
- type: string
1305
- enum: [up, down, positive, negative]
1306
- responses:
1307
- '200':
1308
- description: Search results across feedback logs, ContextFS, and prevention rules
1309
- '401':
1310
- description: Unauthorized
1311
- /v1/feedback/rules:
1312
- post:
1313
- operationId: generatePreventionRules
1314
- requestBody:
1315
- required: false
1316
- content:
1317
- application/json:
1318
- schema:
1319
- type: object
1320
- properties:
1321
- minOccurrences:
1322
- type: integer
1323
- default: 2
1324
- outputPath:
1325
- type: string
1326
- responses:
1327
- '200':
1328
- description: Prevention rules generated
1329
- '401':
1330
- description: Unauthorized
1331
- /v1/dpo/export:
1332
- post:
1333
- operationId: exportDpoPairs
1334
- requestBody:
1335
- required: false
1336
- content:
1337
- application/json:
1338
- schema:
1339
- type: object
1340
- properties:
1341
- inputPath:
1342
- type: string
1343
- memoryLogPath:
1344
- type: string
1345
- outputPath:
1346
- type: string
1347
- async:
1348
- type: boolean
1349
- mode:
1350
- type: string
1351
- enum: [sync, async]
1352
- jobId:
1353
- type: string
1354
- responses:
1355
- '200':
1356
- description: DPO export completed
1357
- '202':
1358
- description: DPO export accepted as a hosted background job
1359
- '401':
1360
- description: Unauthorized
1361
- /v1/documents:
1362
- get:
1363
- operationId: listImportedDocuments
1364
- parameters:
1365
- - in: query
1366
- name: query
1367
- schema:
1368
- type: string
1369
- - in: query
1370
- name: q
1371
- schema:
1372
- type: string
1373
- - in: query
1374
- name: tag
1375
- schema:
1376
- type: string
1377
- - in: query
1378
- name: limit
1379
- schema:
1380
- type: integer
1381
- default: 20
1382
- responses:
1383
- '200':
1384
- description: Imported policy and runbook documents
1385
- '401':
1386
- description: Unauthorized
1387
- /v1/documents/import:
1388
- post:
1389
- operationId: importDocument
1390
- requestBody:
1391
- required: true
1392
- content:
1393
- application/json:
1394
- schema:
1395
- type: object
1396
- properties:
1397
- filePath:
1398
- type: string
1399
- content:
1400
- type: string
1401
- title:
1402
- type: string
1403
- sourceFormat:
1404
- type: string
1405
- enum: [markdown, text, yaml, json, html]
1406
- sourceUrl:
1407
- type: string
1408
- tags:
1409
- type: array
1410
- items:
1411
- type: string
1412
- proposeGates:
1413
- type: boolean
1414
- responses:
1415
- '201':
1416
- description: Document imported
1417
- '400':
1418
- description: Invalid document import request
1419
- '401':
1420
- description: Unauthorized
1421
- /v1/documents/{documentId}:
1422
- get:
1423
- operationId: getImportedDocument
1424
- parameters:
1425
- - in: path
1426
- name: documentId
1427
- required: true
1428
- schema:
1429
- type: string
1430
- responses:
1431
- '200':
1432
- description: Imported document with proposed gates
1433
- '401':
1434
- description: Unauthorized
1435
- '404':
1436
- description: Imported document not found
1437
- /v1/jobs:
1438
- get:
1439
- operationId: listHostedJobs
1440
- parameters:
1441
- - in: query
1442
- name: limit
1443
- schema:
1444
- type: integer
1445
- default: 20
1446
- - in: query
1447
- name: status
1448
- schema:
1449
- type: string
1450
- description: Optional comma-separated list of job statuses to filter.
1451
- responses:
1452
- '200':
1453
- description: Hosted job states
1454
- '401':
1455
- description: Unauthorized
1456
- /v1/jobs/harness:
1457
- post:
1458
- operationId: launchHostedHarness
1459
- requestBody:
1460
- required: true
1461
- content:
1462
- application/json:
1463
- schema:
1464
- type: object
1465
- required: [harness]
1466
- properties:
1467
- harness:
1468
- type: string
1469
- harnessId:
1470
- type: string
1471
- jobId:
1472
- type: string
1473
- skill:
1474
- type: string
1475
- partnerProfile:
1476
- type: string
1477
- autoImprove:
1478
- type: boolean
1479
- inputs:
1480
- type: object
1481
- responses:
1482
- '202':
1483
- description: Hosted harness accepted
1484
- '401':
1485
- description: Unauthorized
1486
- /v1/jobs/{jobId}:
1487
- get:
1488
- operationId: getHostedJob
1489
- parameters:
1490
- - in: path
1491
- name: jobId
1492
- required: true
1493
- schema:
1494
- type: string
1495
- responses:
1496
- '200':
1497
- description: Hosted job state
1498
- '401':
1499
- description: Unauthorized
1500
- '404':
1501
- description: Job not found
1502
- /v1/jobs/{jobId}/control:
1503
- post:
1504
- operationId: controlHostedJob
1505
- parameters:
1506
- - in: path
1507
- name: jobId
1508
- required: true
1509
- schema:
1510
- type: string
1511
- requestBody:
1512
- required: true
1513
- content:
1514
- application/json:
1515
- schema:
1516
- type: object
1517
- required: [action]
1518
- properties:
1519
- action:
1520
- type: string
1521
- enum: [pause, cancel, resume]
1522
- metadata:
1523
- type: object
1524
- responses:
1525
- '202':
1526
- description: Hosted job control accepted
1527
- '401':
1528
- description: Unauthorized
1529
- '404':
1530
- description: Job not found
1531
- '409':
1532
- description: Job cannot accept the requested control action
1533
- /v1/analytics/databricks/export:
1534
- post:
1535
- operationId: exportDatabricksBundle
1536
- requestBody:
1537
- required: false
1538
- content:
1539
- application/json:
1540
- schema:
1541
- type: object
1542
- properties:
1543
- outputPath:
1544
- type: string
1545
- responses:
1546
- '200':
1547
- description: Databricks bundle exported
1548
- '401':
1549
- description: Unauthorized
1550
- /v1/context/construct:
1551
- post:
1552
- operationId: constructContextPack
1553
- requestBody:
1554
- required: false
1555
- content:
1556
- application/json:
1557
- schema:
1558
- type: object
1559
- properties:
1560
- query:
1561
- type: string
1562
- maxItems:
1563
- type: integer
1564
- default: 8
1565
- maxChars:
1566
- type: integer
1567
- default: 6000
1568
- namespaces:
1569
- type: array
1570
- items:
1571
- type: string
1572
- enum:
1573
- - raw_history
1574
- - memory/error
1575
- - memory/learning
1576
- - rules
1577
- - tools
1578
- - provenance
1579
- responses:
1580
- '200':
1581
- description: Context pack created
1582
- '400':
1583
- description: Invalid namespace selection
1584
- '401':
1585
- description: Unauthorized
1586
- /v1/context/evaluate:
1587
- post:
1588
- operationId: evaluateContextPack
1589
- requestBody:
1590
- required: true
1591
- content:
1592
- application/json:
1593
- schema:
1594
- type: object
1595
- required: [packId, outcome]
1596
- properties:
1597
- packId:
1598
- type: string
1599
- outcome:
1600
- type: string
1601
- signal:
1602
- type: string
1603
- notes:
1604
- type: string
1605
- rubricScores:
1606
- type: array
1607
- items:
1608
- $ref: '#/components/schemas/RubricScore'
1609
- guardrails:
1610
- type: object
1611
- properties:
1612
- testsPassed:
1613
- type: boolean
1614
- pathSafety:
1615
- type: boolean
1616
- budgetCompliant:
1617
- type: boolean
1618
- responses:
1619
- '200':
1620
- description: Evaluation recorded
1621
- '400':
1622
- description: Invalid rubric payload
1623
- '401':
1624
- description: Unauthorized
1625
- /v1/context/provenance:
1626
- get:
1627
- operationId: getContextProvenance
1628
- parameters:
1629
- - in: query
1630
- name: limit
1631
- schema:
1632
- type: integer
1633
- default: 50
1634
- responses:
1635
- '200':
1636
- description: Recent provenance events
1637
- '401':
1638
- description: Unauthorized
1639
- /v1/billing/checkout:
1640
- post:
1641
- operationId: createBillingCheckoutSession
1642
- security: []
1643
- requestBody:
1644
- required: false
1645
- content:
1646
- application/json:
1647
- schema:
1648
- $ref: '#/components/schemas/BillingCheckoutRequest'
1649
- responses:
1650
- '200':
1651
- description: Stripe checkout session created
1652
- /v1/billing/usage:
1653
- get:
1654
- operationId: getBillingUsage
1655
- responses:
1656
- '200':
1657
- description: Usage count for authenticated billing key
1658
- '401':
1659
- description: Unauthorized
1660
- /v1/billing/provision:
1661
- post:
1662
- operationId: provisionBillingKey
1663
- requestBody:
1664
- required: true
1665
- content:
1666
- application/json:
1667
- schema:
1668
- $ref: '#/components/schemas/BillingProvisionRequest'
1669
- responses:
1670
- '200':
1671
- description: API key provisioned
1672
- '400':
1673
- description: Missing required customerId
1674
- '401':
1675
- description: Unauthorized
1676
- '403':
1677
- description: Forbidden - requires static THUMBGATE_API_KEY admin token
1678
- /v1/billing/webhook:
1679
- post:
1680
- operationId: stripeBillingWebhook
1681
- security: []
1682
- responses:
1683
- '200':
1684
- description: Webhook accepted
1685
- '400':
1686
- description: Invalid webhook signature or payload
1687
- /v1/billing/github-webhook:
1688
- post:
1689
- operationId: githubMarketplaceWebhook
1690
- security: []
1691
- responses:
1692
- '200':
1693
- description: Webhook accepted
1694
- '400':
1695
- description: Invalid webhook signature or payload
1696
- k signature or payload
1697
- /v1/billing/github-webhook:
1698
- post:
1699
- operationId: githubMarketplaceWebhook
1700
- security: []
1701
- responses:
1702
- '200':
1703
- description: Webhook accepted
1704
- '400':
1705
- description: Invalid webhook signature or payload