thumbgate 1.25.0 → 1.25.2

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.25.0",
+  "version": "1.25.2",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -14,7 +14,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.25.0",
+      "version": "1.25.2",
       "author": {
         "name": "Igor Ganapolsky",
         "email": "ig5973700@gmail.com",

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
-  "version": "1.25.0",
+  "version": "1.25.2",
   "author": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com",

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.25.0",
+  "version": "1.25.2",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate.ai",
   "transport": "stdio",

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.25.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.25.2", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.25.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.25.2", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/gemini/function-declarations.json

@@ -133,6 +133,7 @@
           "context": { "type": "string" },
           "mcpProfile": { "type": "string" },
           "bundleId": { "type": "string" },
+          "enforcePlanQuality": { "type": "boolean" },
           "approved": { "type": "boolean" }
         },
         "required": ["intentId"]

package/adapters/mcp/server-stdio.js

@@ -216,7 +216,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.25.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.25.2' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -779,6 +779,7 @@ async function callToolInner(name, args) {
           bundleId: args.bundleId,
           partnerProfile: args.partnerProfile,
           delegationMode: args.delegationMode,
+          enforcePlanQuality: args.enforcePlanQuality === true,
           approved: args.approved === true,
           repoPath: args.repoPath,
         }));

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.25.0",
+        "thumbgate@1.25.2",
         "thumbgate",
         "serve"
       ],

package/openapi/openapi.yaml

@@ -94,6 +94,8 @@ components:
         delegationMode:
           type: string
           enum: [off, auto, sequential]
+        enforcePlanQuality:
+          type: boolean
         approved:
           type: boolean
         repoPath:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.25.0",
+  "version": "1.25.2",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate.ai",
   "repository": {
@@ -340,7 +340,7 @@
     "social:prospect:bluesky:dry": "node scripts/social-bluesky-prospecting.js --dry-run",
     "social:reply-publish:bluesky:dry": "node scripts/social-reply-monitor-bluesky.js --publish-approved --dry-run",
     "test:python": "python3 -m pytest tests/*.py",
-    "test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:post-everywhere-zernio-default && npm run test:zernio-canonical-pollers && npm run test:zernio-status && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:mcp-tool-annotations && npm run test:mcp-oauth && npm run test:mcp-oauth-flow && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:lesson-semantic-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:predictive-credible-range && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:community-course-platform-launch-kit && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:social-dedupe-cleanup && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture && npm run test:install-shim && npm run test:hook-runtime-subcommands && npm run test:implementation-notes && npm run test:daily-block-cap && npm run test:free-to-paid-conversion-units && npm run test:metrics-real-endpoint && npm run test:cli-trial-and-help && npm run test:cost-cli && npm run test:silent-failure-cluster && npm run test:proof:truth",
+    "test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:post-everywhere-zernio-default && npm run test:zernio-canonical-pollers && npm run test:zernio-status && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:mcp-tool-annotations && npm run test:mcp-oauth && npm run test:mcp-oauth-flow && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:lesson-semantic-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:predictive-credible-range && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:community-course-platform-launch-kit && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:social-dedupe-cleanup && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture && npm run test:install-shim && npm run test:hook-runtime-subcommands && npm run test:implementation-notes && npm run test:daily-block-cap && npm run test:free-to-paid-conversion-units && npm run test:metrics-real-endpoint && npm run test:cli-trial-and-help && npm run test:cost-cli && npm run test:silent-failure-cluster && npm run test:proof:truth && node --test tests/adaptive-reliability.test.js && npm run test:mcp-oauth-reviewer",
     "test:hook-stop-verify-deploy": "node --test tests/hook-stop-verify-deploy.test.js",
     "test:hook-stop-anti-claim": "node --test tests/hook-stop-anti-claim.test.js",
     "test:plausible-server-events": "node --test tests/plausible-server-events.test.js tests/plausible-poller.test.js",
@@ -687,11 +687,12 @@
     "test:dashboard-page-clickability": "playwright test tests/e2e/dashboard-page-clickability.spec.js",
     "test:agent-manager-page-clickability": "playwright test tests/e2e/agent-manager-page-clickability.spec.js",
     "test:pricing-page-clickability": "playwright test tests/e2e/pricing-page-clickability.spec.js",
-    "test:proof:truth": "node --test tests/knowledge-entropy.test.js tests/mcp-wiring-doctor.test.js tests/sequence-guard.test.js tests/slopsquat-guard.test.js tests/slopsquat-stress.test.js tests/truth-and-proof.test.js tests/wire-proof-gate.test.js",
+    "test:proof:truth": "node --test tests/knowledge-entropy.test.js tests/mcp-wiring-doctor.test.js tests/sequence-guard.test.js tests/slopsquat-guard.test.js tests/slopsquat-stress.test.js tests/truth-and-proof.test.js tests/wire-proof-gate.test.js tests/adaptive-reliability.test.js",
     "build:grok-plugin": "node scripts/build-grok-plugin.js",
     "promote:launch": "node scripts/x-autonomous-marketing.js",
     "feedback:ingest": "node scripts/ingest-manual-feedback.js",
-    "verify-proof": "node scripts/require-proof.js"
+    "verify-proof": "node scripts/require-proof.js",
+    "test:mcp-oauth-reviewer": "node --test tests/mcp-oauth-reviewer.test.js"
   },
   "keywords": [
     "mcp",

package/public/index.html

@@ -20,7 +20,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:image" content="https://thumbgate.ai/og.png">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://thumbgate.ai/og.png">
-<meta name="thumbgate-version" content="1.25.0">
+<meta name="thumbgate-version" content="1.25.2">
 <meta name="keywords" content="ThumbGate, thumbgate, AI agent orchestration, AI experience orchestration, agentic development cycle, AC/DC framework, Guide Generate Verify Solve, agent enforcement layer, save LLM tokens, reduce Claude API cost, reduce OpenAI cost, AI agent token savings, prevent LLM retries, prevent hallucination retries, stop AI token waste, pre-action checks, agent governance, Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, workflow hardening, context engineering, AI authenticity, brand authenticity AI">
 <link rel="canonical" href="__APP_ORIGIN__/">
 <link rel="alternate" type="text/markdown" title="ThumbGate LLM context" href="__APP_ORIGIN__/llm-context.md">
@@ -1586,7 +1586,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.25.0</span>
+    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.25.2</span>
   </div>
 </footer>
 

package/public/numbers.html

@@ -25,7 +25,7 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.25.0",
+  "softwareVersion": "1.25.2",
   "url": "https://thumbgate.ai/numbers",
   "dateModified": "2026-05-07",
   "creator": {
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.25.0</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.25.2</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
 
   <h2>Gate enforcement</h2>

package/scripts/context-manager.js

@@ -27,8 +27,9 @@ const {
   recordProvenance,
 } = require('./contextfs');
 const { loadOptionalModule } = require('./private-core-boundary');
-const { retrieveRelevantLessons } = loadOptionalModule('./lesson-retrieval', () => ({
+const { retrieveRelevantLessons, calculateRetrievalEntropy } = loadOptionalModule('./lesson-retrieval', () => ({
   retrieveRelevantLessons: () => [],
+  calculateRetrievalEntropy: () => 0,
 }));
 const { evaluatePretool } = require('./hybrid-feedback-context');
 const { loadProfile } = require('./user-profile');
@@ -93,13 +94,21 @@ function assembleSession() {
 
 function assembleLessons(query, agentProfile, options = {}) {
   try {
-    return retrieveRelevantLessons(
+    const lessons = retrieveRelevantLessons(
       options.toolName || '',
       query,
       { maxResults: agentProfile.maxLessons, feedbackDir: options.feedbackDir },
     );
+    
+    const entropy = calculateRetrievalEntropy(lessons);
+    
+    return { 
+      items: lessons, 
+      entropy, 
+      highConflict: entropy > 0.7 
+    };
   } catch {
-    return [];
+    return { items: [], entropy: 0, highConflict: false };
   }
 }
 
@@ -224,7 +233,8 @@ function assembleUnifiedContext(params = {}) {
   // Assemble all components — each is fault-tolerant
   const session = assembleSession();
   const userProfile = assembleUserProfile();
-  const lessons = assembleLessons(query, agentProfile, { toolName, feedbackDir });
+  const lessonData = assembleLessons(query, agentProfile, { toolName, feedbackDir });
+  const lessons = lessonData.items;
   const guards = assembleGuards(toolName, toolInput);
   const contextPack = assembleContextPack(query, agentProfile);
   const codeGraph = assembleCodeGraph(query, repoPath, agentProfile);
@@ -232,9 +242,17 @@ function assembleUnifiedContext(params = {}) {
   const components = { session, userProfile, lessons, guards, contextPack, codeGraph };
   const tier = classifyTier(components);
 
+  // v4.2: Entropy-Aware Reliability Directive
+  let reliabilityDirective = null;
+  if (lessonData.highConflict) {
+    reliabilityDirective = 'CAUTION: Conflicting past patterns detected for this action. Prioritize absolute ground truth verification over rapid completion.';
+  }
+
   const result = {
     tier,
     agentType: agentType || 'default',
+    reliabilityDirective,
+    entropy: lessonData.entropy,
     agentProfile: {
       maxLessons: agentProfile.maxLessons,
       contextBudget: agentProfile.contextBudget,

package/scripts/gates-engine.js

@@ -2135,10 +2135,7 @@ function buildRecentCorrectiveActionsContext(options = {}) {
 function buildRelevantLessonContext(toolName, toolInput) {
   if (!toolName) return null;
 
-  const { retrieveRelevantLessons, calculateRetrievalEntropy } = loadOptionalModule('./lesson-retrieval', () => ({
-    retrieveRelevantLessons: () => [],
-    calculateRetrievalEntropy: () => 0,
-  }));
+  const { retrieveRelevantLessons, calculateRetrievalEntropy, filterTopP } = loadOptionalModule("./lesson-retrieval", () => ({ retrieveRelevantLessons: () => [], calculateRetrievalEntropy: () => 0, filterTopP: (l) => l }));
 
   // Extract a searchable action context from the tool input
   const actionContext = extractActionContext(toolName, toolInput);

package/scripts/thompson-sampling.js

@@ -302,24 +302,30 @@ function getCalibration(model) {
 // ---------------------------------------------------------------------------
 
 /**
- * Draw one sample from the Beta posterior for each category via the
- * Marsaglia-Tsang (2000) gamma ratio method. No external library needed.
+ * Draw one sample from the Beta posterior for each category.
+ * Supports temperature scaling to adjust exploitation vs exploration.
  *
- * betaSample(alpha, beta) = gammaSample(alpha) / (gammaSample(alpha) + gammaSample(beta))
+ * Temperature (T):
+ *   T = 1.0 (default) — Standard Thompson Sampling.
+ *   T < 1.0 — Sharper distribution, favors high-reliability categories (exploit).
+ *   T > 1.0 — Flatter distribution, increases uncertainty and exploration.
  *
- * This is the JS equivalent of Python's random.betavariate(alpha, beta).
- * Used for Thompson Sampling action selection (explore via uncertainty).
+ * Implementation: Scales alpha and beta by 1/T.
  *
  * @param {Object} model - Model object containing categories
+ * @param {number} temperature - Scaling factor (default 1.0)
  * @returns {Object} Map of category → float sample in [0, 1]
  */
-function samplePosteriors(model) {
+function samplePosteriors(model, temperature = 1.0) {
   const samples = {};
+  const T = Math.max(0.01, Number(temperature) || 1.0);
+  const invT = 1.0 / T;
+
   for (const [cat, params] of Object.entries(model.categories || {})) {
-    samples[cat] = betaSample(
-      Math.max(params.alpha, 0.01),
-      Math.max(params.beta, 0.01),
-    );
+    // Scale precision by inverse temperature
+    const alpha = Math.max(params.alpha * invT, 0.01);
+    const beta = Math.max(params.beta * invT, 0.01);
+    samples[cat] = betaSample(alpha, beta);
   }
   return samples;
 }

package/scripts/tool-registry.js

@@ -476,6 +476,7 @@ const TOOLS = [
         bundleId: { type: 'string' },
         partnerProfile: { type: 'string' },
         delegationMode: { type: 'string', enum: ['off', 'auto', 'sequential'] },
+        enforcePlanQuality: { type: 'boolean' },
         approved: { type: 'boolean' },
         repoPath: { type: 'string' },
       },

package/src/api/server.js

@@ -3662,6 +3662,49 @@ function extractApiKey(req) {
   return '';
 }
 
+/**
+ * Map a ThumbGate key presented at the OAuth consent screen to a role.
+ *
+ * - When any key is configured (production), the presented key MUST match a
+ *   configured admin/operator/reviewer key; otherwise returns null (reject) so
+ *   the OAuth flow actually authenticates the holder.
+ * - When NO keys are configured (insecure/dev mode, e.g. local tests), any
+ *   non-empty key is accepted as role 'dev' to preserve local development.
+ *
+ * 'reviewer' (THUMBGATE_REVIEWER_KEY) is a read-only, independently-revocable
+ * credential safe to share with a directory reviewer — tool execution enforces
+ * read-only for it (see the tools/call handler).
+ */
+// Constant-time comparison of two API/OAuth bearer keys. We compare the raw
+// bytes with crypto.timingSafeEqual after an explicit equal-length guard
+// (timingSafeEqual throws on a length mismatch). No digest is taken: these are
+// high-entropy random credentials compared transiently at request time, not
+// user passwords stored at rest, so neither a KDF (bcrypt/scrypt/argon2) nor a
+// length-normalizing hash is appropriate — and hashing the credential here is
+// exactly what static analysis (correctly, for *stored* passwords) flags. The
+// only side-channel is whether the two keys share a length, which reveals
+// nothing useful about a random secret. Once lengths match, the byte compare
+// is constant-time and leaks no information about where they differ.
+function safeKeyEqual(a, b) {
+  const x = Buffer.from(String(a || ''), 'utf8');
+  const y = Buffer.from(String(b || ''), 'utf8');
+  if (x.length === 0 || y.length === 0 || x.length !== y.length) return false;
+  return require('crypto').timingSafeEqual(x, y);
+}
+
+function resolveKeyRole(key) {
+  const k = String(key || '').trim();
+  const adminKey = String(process.env.THUMBGATE_API_KEY || '').trim();
+  const operatorKey = String(process.env.THUMBGATE_OPERATOR_KEY || '').trim();
+  const reviewerKey = String(process.env.THUMBGATE_REVIEWER_KEY || '').trim();
+  const configured = [adminKey, operatorKey, reviewerKey].filter(Boolean);
+  if (configured.length === 0) return k ? 'dev' : null;
+  if (safeKeyEqual(k, adminKey)) return 'admin';
+  if (safeKeyEqual(k, operatorKey)) return 'operator';
+  if (safeKeyEqual(k, reviewerKey)) return 'reviewer';
+  return null;
+}
+
 /**
  * Admin-only guard for static THUMBGATE_API_KEY.
  * Billing keys are intentionally excluded from admin actions.
@@ -3883,7 +3926,8 @@ function createApiServer() {
               // operator/admin key — never "any non-empty bearer".
               const adminKey = String(process.env.THUMBGATE_API_KEY || '').trim();
               const operatorKey = String(process.env.THUMBGATE_OPERATOR_KEY || '').trim();
-              const rawKeyValid = Boolean(bearer) && ((adminKey && bearer === adminKey) || (operatorKey && bearer === operatorKey));
+              const reviewerKey = String(process.env.THUMBGATE_REVIEWER_KEY || '').trim();
+              const rawKeyValid = Boolean(bearer) && (safeKeyEqual(bearer, adminKey) || safeKeyEqual(bearer, operatorKey) || safeKeyEqual(bearer, reviewerKey));
               const authed = oauthSession
                 ? mcpOauth.tokenAudienceValid(oauthSession, resourceUrl)
                 : rawKeyValid;
@@ -3899,6 +3943,24 @@ function createApiServer() {
                 }));
                 return;
               }
+              // The reviewer credential (THUMBGATE_REVIEWER_KEY) is read-only: it may
+              // only invoke tools annotated readOnlyHint:true. This makes a credential
+              // safe to share (e.g. with a directory reviewer) without granting the
+              // ability to mutate shared server state.
+              const effectiveKey = oauthSession ? String(oauthSession.boundKey || '') : bearer;
+              const isReviewer = Boolean(reviewerKey) && safeKeyEqual(effectiveKey, reviewerKey);
+              if (isReviewer) {
+                const name = msg.params && msg.params.name;
+                const tool = MCP_TOOLS.find((t) => t.name === name);
+                const readOnly = Boolean(tool && tool.annotations && tool.annotations.readOnlyHint === true);
+                if (!readOnly) {
+                  sendJson(res, 200, {
+                    jsonrpc: '2.0', id: msg.id,
+                    error: { code: -32002, message: `Tool "${name}" requires write access; the reviewer credential is read-only.` },
+                  });
+                  return;
+                }
+              }
               (async () => {
                 try {
                   const { callTool } = require('../../adapters/mcp/server-stdio');
@@ -5278,6 +5340,14 @@ ${hidden}
           const form = new URLSearchParams(body);
           const redirectUri = form.get('redirect_uri') || '';
           const state = form.get('state') || '';
+          // Validate the presented ThumbGate key before issuing a code. When keys
+          // are configured (production) the key MUST match a configured admin /
+          // operator / reviewer key — otherwise OAuth would authenticate nobody.
+          // In insecure/dev mode (no keys configured) any non-empty key is accepted.
+          if (!resolveKeyRole(form.get('api_key') || '')) {
+            sendJson(res, 400, { error: 'access_denied', error_description: 'invalid ThumbGate API key' });
+            return;
+          }
           const issued = mcpOauth.createAuthorizationCode(oauthStore, {
             clientId: form.get('client_id') || '',
             redirectUri,
@@ -6397,6 +6467,49 @@ ${hidden}
     }
 
 
+    // Remote MCP connector documentation — the `resource_documentation` target
+    // advertised by /.well-known/oauth-protected-resource. The Claude Connectors
+    // Directory requires this URL to resolve (200) for submission review.
+    if (isGetLikeRequest && (pathname === '/docs/connectors' || pathname === '/docs/connectors/')) {
+      const mcpUrl = buildPublicUrl(hostedConfig, '/mcp');
+      const cardUrl = buildPublicUrl(hostedConfig, '/.well-known/mcp/server-card.json');
+      const prmUrl = buildPublicUrl(hostedConfig, '/.well-known/oauth-protected-resource');
+      sendHtml(res, 200, `<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Remote MCP Connector — ThumbGate</title><meta name="description" content="Connect ThumbGate to Claude as a remote MCP server: OAuth 2.1 (PKCE) authorization, available tools, and the read-only reviewer credential."><style>body{font-family:system-ui,-apple-system,sans-serif;max-width:780px;margin:0 auto;padding:32px 20px;line-height:1.55;color:#1f2937}h1{font-size:30px;margin:0 0 8px}.lede{color:#6b7280;font-size:18px;margin:0 0 28px}h2{font-size:20px;margin:28px 0 8px}code{background:#f3f4f6;padding:1px 6px;border-radius:4px;font-size:13.5px}pre{background:#0f172a;color:#e2e8f0;padding:14px 16px;border-radius:8px;overflow:auto;font-size:13px}a{color:#0066cc}ol,ul{padding-left:22px}li{margin:6px 0}.note{border-left:3px solid #22d3ee;background:#ecfeff;padding:10px 14px;border-radius:0 8px 8px 0;margin:16px 0}footer{margin-top:40px;padding-top:20px;border-top:1px solid #e5e7eb;color:#6b7280;font-size:14px}</style></head><body>
+<h1>ThumbGate — Remote MCP Connector</h1>
+<p class="lede">ThumbGate is a remote Model Context Protocol (MCP) server. Add it as a connector in Claude to give an agent governed access to ThumbGate's feedback capture, lesson retrieval, context assembly, and pre-action gate tools — over HTTP, authenticated with OAuth 2.1.</p>
+
+<h2>Connect URL</h2>
+<pre>${esc(mcpUrl)}</pre>
+<p>In Claude, add a custom connector and paste the URL above. Claude discovers the authorization server automatically via the protected-resource metadata at <a href="${esc(prmUrl)}">${esc(prmUrl)}</a>.</p>
+
+<h2>Authorization (OAuth 2.1 + PKCE)</h2>
+<ol>
+  <li>Claude reads the <code>resource</code> and <code>authorization_servers</code> from the protected-resource metadata.</li>
+  <li>It runs the standard OAuth 2.1 authorization-code flow with PKCE (<code>S256</code> only — <code>plain</code> is rejected).</li>
+  <li>The issued access token is audience-bound to the <code>${esc(mcpUrl)}</code> resource (RFC 8707); a token for any other audience is rejected.</li>
+  <li>The bearer token is then sent on the <code>Authorization</code> header for every <code>tools/call</code>.</li>
+</ol>
+
+<h2>Available tools</h2>
+<p>The full, machine-readable tool registry — names, input schemas, and the <code>readOnlyHint</code> / <code>destructiveHint</code> annotations — is published at <a href="${esc(cardUrl)}">${esc(cardUrl)}</a>. Tools fall into these groups:</p>
+<ul>
+  <li><strong>Feedback &amp; lessons</strong> — <code>capture_feedback</code>, <code>feedback_summary</code>, <code>search_lessons</code>, <code>retrieve_lessons</code>, <code>prevention_rules</code>.</li>
+  <li><strong>Context engineering</strong> — <code>construct_context_pack</code>, <code>evaluate_context_pack</code>, <code>unified_context</code>, <code>recall</code>.</li>
+  <li><strong>Pre-action gates &amp; governance</strong> — <code>satisfy_gate</code>, <code>track_action</code>, <code>approve_protected_action</code>, <code>verify_claim</code>, <code>enforcement_matrix</code>.</li>
+  <li><strong>Diagnostics &amp; planning</strong> — <code>diagnose_failure</code>, <code>suggest_fix</code>, <code>security_scan</code>, and the <code>plan_*</code> advisory tools.</li>
+</ul>
+
+<h2>Reviewer credential (read-only)</h2>
+<div class="note">For directory reviewers: ThumbGate issues a dedicated <strong>read-only</strong> reviewer credential. A token bound to that credential may invoke only tools annotated <code>readOnlyHint: true</code>; any write or mutating tool call is rejected. This makes the credential safe to share for review without granting the ability to mutate shared server state. Request it from the contact below.</div>
+
+<h2>Source &amp; contact</h2>
+<p>Open-source CLI and server: <a href="https://github.com/IgorGanapolsky/ThumbGate">github.com/IgorGanapolsky/ThumbGate</a>. Questions or reviewer-credential requests: <a href="mailto:igor.ganapolsky@gmail.com">igor.ganapolsky@gmail.com</a>.</p>
+
+<footer><a href="/">ThumbGate</a> · <a href="/support">Support</a> · <a href="/privacy">Privacy</a> · <a href="/terms">Terms</a></footer>
+</body></html>`, {}, { headOnly: isHeadRequest });
+      return;
+    }
+
     // Public support / contact page — required for Stripe Business → Public
     // details "Customer support URL" field. Single source of truth for how
     // customers reach us (email, GitHub issues, status page).
@@ -6753,6 +6866,7 @@ ${hidden}
             bundleId: body.bundleId,
             partnerProfile: body.partnerProfile,
             delegationMode: body.delegationMode,
+            enforcePlanQuality: body.enforcePlanQuality === true,
             approved: body.approved === true,
             repoPath: body.repoPath,
           });