thumbgate 1.23.1 → 1.25.0

package/bin/postinstall.js

@@ -26,32 +26,21 @@ const DASHBOARD_URL = 'https://thumbgate.ai/dashboard?utm_source=npm&utm_medium=
 
 process.stderr.write(`
   ╭─────────────────────────────────────────────────────╮
-  │  ThumbGate installed — 14-day Pro trial active.     │
+  │  ThumbGate installed — 7-day Pro trial is live.     │
   │                                                     │
-  │  Every feature unlocked. No limits. No card needed. │
-  │  After 14 days, you keep the free tier (5 rules,    │
-  │  unlimited captures) or upgrade to keep Pro.        │
+  │  Start now:  npx thumbgate init                     │
+  │  Updates:    npx thumbgate subscribe you@company.com│
   │                                                     │
-  │  Start now:                                         │
-  │    npx thumbgate init                               │
-  │    npx thumbgate stats                              │
-  │                                                     │
-  │  Get the 5-min setup guide + weekly tips:           │
-  │    npx thumbgate subscribe you@company.com          │
-  │                                                     │
-  │  See your gates firing live:                        │
-  │    ${DASHBOARD_URL.slice(0, 47).padEnd(47, ' ')} │
+  │  Free after trial: 3 rules, 5 captures/day.        │
+  │  Pro ($19/mo): unlimited everything.                │
   ╰─────────────────────────────────────────────────────╯
 
-  Your 14-day Pro trial includes:
-    Unlimited prevention rules (free caps at 5)
-    Lesson search + recall across sessions
-    DPO export for preference fine-tuning
-    Hosted dashboard — no self-hosting needed
-
-  After the trial: ${PRO_PRICE_LABEL}
-    Upgrade: ${PRO_CTA_URL}
+  Trial unlocks: unlimited rules, lesson search, DPO export,
+  hosted dashboard. After 7 days, free tier limits apply.
+  Subscribe for the 5-min setup guide + weekly tips:
+  npx thumbgate subscribe you@company.com
 
-  Or run: npx thumbgate pro
+  Dashboard: ${DASHBOARD_URL}
+  Keep Pro: ${PRO_CTA_URL}
 
 `);

package/config/gate-templates.json

@@ -444,6 +444,78 @@
       "problem": "Blocks background agents from cloning, building, testing, or publishing unless they run in an isolated durable environment with logs.",
       "roi": "Lets the team pursue unattended revenue and engineering workflows without turning local developer machines into the execution boundary.",
       "rollout": "Enable for every agent that can run tests, push branches, deploy, publish content, change billing, or touch customer data."
+    },
+    {
+      "id": "block-unauthorized-practice-of-law",
+      "name": "Block unauthorized practice of law",
+      "category": "Legal Intake Safety",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(outcome prediction|jurisdictional recommendation|[Yy]ou\\s+(should|could|might)\\s+(file|sue|claim)|strong case|likely\\s+(prevail|win|succeed))",
+      "problem": "Stops advice-shaped intake replies under ABA Rule 5.5.",
+      "roi": "Prevents malpractice exposure before delivery.",
+      "rollout": "Enable on every AI intake channel."
+    },
+    {
+      "id": "require-conflict-check-before-intake",
+      "name": "Require conflict check before intake continues",
+      "category": "Legal Intake Safety",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(collect_case_facts|schedule_consultation|intake_continue).*(missing|no|unchecked).*(conflict|adverse[_-]party|clearance)",
+      "problem": "Requires adverse-party clearance before sensitive facts.",
+      "roi": "Catches conflicts before privileged facts cross ethical walls.",
+      "rollout": "Use the firm's conflicts API or a synthetic pilot fixture."
+    },
+    {
+      "id": "block-privileged-content-egress",
+      "name": "Block privileged content egress",
+      "category": "Legal Intake Safety",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(send_email|api_call|external_request|schedule|crm_update).*(privileged|attorney[_-]client|work[_-]product|matter[_-]id|confidential)",
+      "problem": "Blocks outbound actions with privilege markers.",
+      "roi": "Prevents single-action privilege waiver.",
+      "rollout": "Define markers, start with hard block, then add in-tenant reroute."
+    },
+    {
+      "id": "require-approved-disclaimer-before-response",
+      "name": "Require approved disclaimer before response",
+      "category": "Legal Intake Safety",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(intake_response|client_reply).*((missing|no)\\s*(disclaimer|disclosure|non[_-]engagement)|(disclaimer|disclosure|non[_-]engagement)\\s*[:=]?\\s*(missing|none|no))",
+      "problem": "Requires firm-approved non-engagement language.",
+      "roi": "Reduces inadvertent client-relationship risk.",
+      "rollout": "Load approved disclaimer during pilot."
+    },
+    {
+      "id": "restrict-model-endpoint-to-approved-list",
+      "name": "Restrict model endpoint to approved list",
+      "category": "Legal Intake Safety",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(model_call|llm_request|api_endpoint).*(unapproved|unknown|public|consumer)",
+      "problem": "Blocks unapproved model endpoints.",
+      "roi": "Keeps data inside approved vendor boundaries.",
+      "rollout": "Allowlist endpoints during pilot."
+    },
+    {
+      "id": "require-attorney-review-before-routing",
+      "name": "Require attorney review before case routing",
+      "category": "Legal Intake Safety",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(route_to_attorney|assign_practice_area|schedule_consultation).*(no|missing).*(review|approval|supervisor)",
+      "problem": "Requires review before routing or scheduling.",
+      "roi": "Prevents bad prospect routing.",
+      "rollout": "Start strict; relax after pilot evidence."
     }
   ]
 }

package/config/github-about.json

@@ -1,7 +1,7 @@
 {
   "repo": "IgorGanapolsky/ThumbGate",
   "repositoryUrl": "https://github.com/IgorGanapolsky/ThumbGate",
-  "homepageUrl": "https://thumbgate-production.up.railway.app",
+  "homepageUrl": "https://thumbgate.ai",
   "githubDescription": "Agent governance for ThumbGate: 👍/👎 become Pre-Action Checks that block repeat mistakes before code, money, or customer systems change.",
   "metaDescription": "Stop paying for the same AI mistake twice. ThumbGate is machine-speed pre-action defense for AI coding agents and vibe coding workflows: 👍 thumbs up and 👎 thumbs down become history-aware lessons, shared lessons and org visibility, actionable remediations, agent surface inventory, and Pre-Action Checks that block repeat mistakes before the next tool call across Claude Code, Cursor, Codex, Gemini, Amp, Cline, and OpenCode.",
   "topics": [

package/config/post-deploy-marketing-pages.json

@@ -29,9 +29,14 @@
     },
     {
       "route": "/ai-malpractice-prevention",
-      "sentinel": "AI Intake Risk Controls for Law Firms",
+      "sentinel": "Pre-Execution Controls for Legal AI Agents",
       "description": "Legal AI intake risk-controls page for law-firm pilot conversations"
     },
+    {
+      "route": "/learn/background-agent-control-layer",
+      "sentinel": "Background agents need a control layer outside the model",
+      "description": "Background-agent AI-SDLC control-layer positioning page"
+    },
     {
       "route": "/llm-context.md",
       "sentinel": "## What ThumbGate Is",

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "thumbgate",
-  "version": "1.23.1",
-  "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 33 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
-  "homepage": "https://thumbgate-production.up.railway.app",
+  "version": "1.25.0",
+  "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
+  "homepage": "https://thumbgate.ai",
   "repository": {
     "type": "git",
     "url": "https://github.com/IgorGanapolsky/ThumbGate.git"
@@ -120,6 +120,7 @@
     "scripts/mailer/index.js",
     "scripts/mailer/resend-mailer.js",
     "scripts/mcp-config.js",
+    "scripts/mcp-oauth.js",
     "scripts/mcp-policy.js",
     "scripts/mcp-transport-strategy.js",
     "scripts/memory-firewall.js",
@@ -198,6 +199,7 @@
     "scripts/verification-loop.js",
     "scripts/verifier-scoring.js",
     "scripts/verify-marketing-pages-deployed.js",
+    "scripts/visitor-journey.js",
     "scripts/workflow-runs.js",
     "scripts/workflow-sentinel.js",
     "scripts/workspace-agent-routines.js",
@@ -209,7 +211,6 @@
     "LICENSE",
     "README.md",
     "adapters/amp/skills/thumbgate-feedback/SKILL.md",
-    "adapters/chatgpt/openapi.yaml",
     "adapters/claude/.mcp.json",
     "adapters/codex/config.toml",
     "adapters/forge/forge.yaml",
@@ -258,6 +259,7 @@
     "verify:full": "node scripts/verify-run.js full",
     "budget:status": "node scripts/budget-guard.js --status",
     "revenue:status": "node scripts/revenue-status.js",
+    "revenue:truth": "bash bin/revenue-truth.sh",
     "revenue:doctor": "node scripts/revenue-observability-doctor.js",
     "revenue:plan": "node scripts/may-2026-revenue-machine.js",
     "revenue:status:local": "node bin/cli.js cfo",
@@ -338,10 +340,10 @@
     "social:prospect:bluesky:dry": "node scripts/social-bluesky-prospecting.js --dry-run",
     "social:reply-publish:bluesky:dry": "node scripts/social-reply-monitor-bluesky.js --publish-approved --dry-run",
     "test:python": "python3 -m pytest tests/*.py",
-    "test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:post-everywhere-zernio-default && npm run test:zernio-canonical-pollers && npm run test:zernio-status && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:community-course-platform-launch-kit && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:social-dedupe-cleanup && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture && npm run test:install-shim && npm run test:hook-runtime-subcommands && npm run test:implementation-notes && npm run test:daily-block-cap && npm run test:free-to-paid-conversion-units && npm run test:metrics-real-endpoint && npm run test:cli-trial-and-help && npm run test:cost-cli && npm run test:silent-failure-cluster",
+    "test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:post-everywhere-zernio-default && npm run test:zernio-canonical-pollers && npm run test:zernio-status && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:mcp-tool-annotations && npm run test:mcp-oauth && npm run test:mcp-oauth-flow && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:lesson-semantic-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:predictive-credible-range && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:community-course-platform-launch-kit && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:social-dedupe-cleanup && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture && npm run test:install-shim && npm run test:hook-runtime-subcommands && npm run test:implementation-notes && npm run test:daily-block-cap && npm run test:free-to-paid-conversion-units && npm run test:metrics-real-endpoint && npm run test:cli-trial-and-help && npm run test:cost-cli && npm run test:silent-failure-cluster && npm run test:proof:truth",
     "test:hook-stop-verify-deploy": "node --test tests/hook-stop-verify-deploy.test.js",
     "test:hook-stop-anti-claim": "node --test tests/hook-stop-anti-claim.test.js",
-    "test:plausible-server-events": "node --test tests/plausible-server-events.test.js",
+    "test:plausible-server-events": "node --test tests/plausible-server-events.test.js tests/plausible-poller.test.js",
     "test:activation-tracker": "node --test tests/activation-tracker.test.js",
     "test:unified-revenue-rollup": "node --test tests/unified-revenue-rollup.test.js",
     "test:conversion-rate-stats": "node --test tests/conversion-rate-stats.test.js",
@@ -349,7 +351,7 @@
     "test:stripe-checkout-diagnostic": "node --test tests/stripe-checkout-diagnostic.test.js",
     "test:stripe-business-identity-probe": "node --test tests/stripe-business-identity-probe.test.js",
     "test:ci-cd-hygiene-audit": "node --test tests/ci-cd-hygiene-audit.test.js",
-    "test:telemetry-export": "node --test tests/telemetry-export.test.js",
+    "test:telemetry-export": "node --test tests/telemetry-export.test.js tests/telemetry-analytics-quality.test.js",
     "test:swarm-coordinator": "node --test tests/swarm-coordinator.test.js",
     "test:session-report": "node --test tests/session-report.test.js",
     "test:agent-reasoning-traces": "node --test tests/agent-reasoning-traces.test.js tests/agent-stack-survival-audit.test.js",
@@ -403,6 +405,9 @@
     "test:operator-key-auth": "node --test tests/api-operator-key-auth.test.js",
     "test:cloudflare-sandbox": "node --test tests/cloudflare-dynamic-sandbox.test.js tests/cloudflare-sandbox-api.test.js",
     "test:mcp-config": "node --test tests/mcp-config.test.js",
+    "test:mcp-tool-annotations": "node --test tests/mcp-tool-annotations.test.js",
+    "test:mcp-oauth": "node --test tests/mcp-oauth.test.js",
+    "test:mcp-oauth-flow": "node --test tests/mcp-oauth-flow.test.js",
     "test:plan-gate": "node --test tests/plan-gate.test.js",
     "test:pulse": "node --test tests/pulse.test.js",
     "test:semantic-layer": "node --test tests/semantic-layer.test.js",
@@ -536,6 +541,7 @@
     "test:data-governance": "node --test tests/data-governance.test.js",
     "test:lesson-inference": "node --test tests/conversation-context.test.js tests/lesson-inference.test.js tests/lesson-prompt-shape.test.js",
     "test:lesson-retrieval": "node --test tests/lesson-retrieval.test.js",
+    "test:lesson-semantic-retrieval": "node --test tests/lesson-semantic-retrieval.test.js",
     "test:cross-encoder": "node --test tests/cross-encoder-reranker.test.js",
     "test:reflector-agent": "node --test tests/reflector-agent.test.js",
     "test:public-core-boundary": "node --test tests/public-core-boundary.test.js",
@@ -544,6 +550,7 @@
     "test:hallucination-detector": "node --test tests/hallucination-detector.test.js",
     "test:history-distiller": "node --test tests/history-distiller.test.js",
     "test:predictive-insights": "node --test tests/predictive-insights.test.js",
+    "test:predictive-credible-range": "node --test tests/predictive-credible-range.test.js",
     "test:prove-predictive-insights": "node --test tests/prove-predictive-insights.test.js",
     "prove:predictive-insights": "node scripts/prove-predictive-insights.js",
     "test:statusbar-cli": "node --test tests/statusbar-cli.test.js",
@@ -679,7 +686,12 @@
     "test:index-page-clickability": "playwright test tests/e2e/index-page-clickability.spec.js",
     "test:dashboard-page-clickability": "playwright test tests/e2e/dashboard-page-clickability.spec.js",
     "test:agent-manager-page-clickability": "playwright test tests/e2e/agent-manager-page-clickability.spec.js",
-    "test:pricing-page-clickability": "playwright test tests/e2e/pricing-page-clickability.spec.js"
+    "test:pricing-page-clickability": "playwright test tests/e2e/pricing-page-clickability.spec.js",
+    "test:proof:truth": "node --test tests/knowledge-entropy.test.js tests/mcp-wiring-doctor.test.js tests/sequence-guard.test.js tests/slopsquat-guard.test.js tests/slopsquat-stress.test.js tests/truth-and-proof.test.js tests/wire-proof-gate.test.js",
+    "build:grok-plugin": "node scripts/build-grok-plugin.js",
+    "promote:launch": "node scripts/x-autonomous-marketing.js",
+    "feedback:ingest": "node scripts/ingest-manual-feedback.js",
+    "verify-proof": "node scripts/require-proof.js"
   },
   "keywords": [
     "mcp",

package/public/agent-manager.html

@@ -9,8 +9,8 @@
 <meta property="og:title" content="ThumbGate for the Agent Manager">
 <meta property="og:description" content="The role Anthropic named — Agent Manager — owns CLAUDE.md, the plugin marketplace, permissions, and which skills ship. ThumbGate is the runtime underneath all of that.">
 <meta property="og:type" content="article">
-<meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
-<link rel="canonical" href="https://thumbgate-production.up.railway.app/agent-manager">
+<meta property="og:image" content="https://thumbgate.ai/og.png">
+<link rel="canonical" href="https://thumbgate.ai/agent-manager">
 <script type="application/ld+json">
 {
   "@context": "https://schema.org",
@@ -20,7 +20,7 @@
   "datePublished": "2026-05-19",
   "dateModified": "2026-05-19",
   "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
-  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate-production.up.railway.app" },
+  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
   "about": [
     { "@type": "Thing", "name": "Agent Manager" },
     { "@type": "Thing", "name": "Claude Code rollout" },

package/public/agents-cost-savings.html

@@ -9,8 +9,8 @@
 <meta property="og:title" content="FinOps for AI Agents — Prevention, Not Reporting">
 <meta property="og:description" content="Cost dashboards tell you what your agents wasted last week. ThumbGate's PreToolUse gates stop the wasted tool calls before they fire — and `thumbgate cost` shows you the dollar amount.">
 <meta property="og:type" content="article">
-<meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
-<link rel="canonical" href="https://thumbgate-production.up.railway.app/agents-cost-savings">
+<meta property="og:image" content="https://thumbgate.ai/og.png">
+<link rel="canonical" href="https://thumbgate.ai/agents-cost-savings">
 <script type="application/ld+json">
 {
   "@context": "https://schema.org",
@@ -20,7 +20,7 @@
   "datePublished": "2026-05-21",
   "dateModified": "2026-05-21",
   "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
-  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate-production.up.railway.app" },
+  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
   "about": [
     { "@type": "Thing", "name": "FinOps for AI" },
     { "@type": "Thing", "name": "Agent Cost Optimization" },