thumbgate 1.26.0 → 1.26.1

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.26.0",
+  "version": "1.26.1",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -14,7 +14,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.26.0",
+      "version": "1.26.1",
       "author": {
         "name": "Igor Ganapolsky",
         "email": "ig5973700@gmail.com",

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
-  "version": "1.26.0",
+  "version": "1.26.1",
   "author": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com",

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.26.0",
+  "version": "1.26.1",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate.ai",
   "transport": "stdio",

package/README.md

@@ -24,24 +24,7 @@ The product is a self-improving enforcement layer: thumbs-down feedback, prompt
 npx thumbgate init   # auto-detects your agent, wires hooks, 30 seconds
 ```
 
-Works with **Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode** and any MCP-compatible agent.
-
-### Add ThumbGate to Claude (remote connector, 30 seconds, no install)
-
-ThumbGate is a hosted remote MCP server. To use it in **Claude.ai / Claude Desktop**:
-**Settings → Connectors → Add custom connector**, then paste:
-
-```
-https://thumbgate.ai/mcp
-```
-
-That's it — Claude can now call ThumbGate's gate-check and feedback tools directly.
-For local/CLI agents (Claude Code, Cursor, Codex, …) use `npx thumbgate init`, which
-auto-wires the hooks. (The same server is published to the [MCP Registry](https://registry.modelcontextprotocol.io) as `io.github.IgorGanapolsky/thumbgate`.)
-
-**Free:** 5 feedback captures/day (25 total captures), 3 active auto-promoted prevention rules, all MCP integrations, local-first.
-**[Pro — $19/mo or $149/yr](https://thumbgate.ai/checkout/pro?utm_source=github&utm_medium=readme):** no limits on captures or rules, history-aware lessons, feedback sessions, hosted dashboard, DPO export.
-**Team — $49/seat/mo:** shared hosted lesson DB, org dashboard, approval boundaries.
+Works with **Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode** and any MCP-compatible agent. Free tier: unlimited feedback captures and 5 active auto-promoted prevention rules. [Pro: $19/mo or $149/yr](https://thumbgate.ai/checkout/pro?utm_source=github&utm_medium=readme) — unlimited rules, history-aware lessons, feedback sessions, dashboard, DPO export. Team is $49/seat/mo with a shared hosted lesson DB and org dashboard.
 
 [![CI](https://github.com/IgorGanapolsky/ThumbGate/actions/workflows/ci.yml/badge.svg)](https://github.com/IgorGanapolsky/ThumbGate/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/thumbgate)](https://www.npmjs.com/package/thumbgate)
@@ -49,9 +32,11 @@ auto-wires the hooks. (The same server is published to the [MCP Registry](https:
 
 ---
 
-> **Visibility isn't trust.** A dashboard shows you what an agent did; it doesn't stop the agent from doing it again. ThumbGate is the enforcement layer: PreToolUse gates, thumbs-down → rule, and an audit trail on every interception — so a mistake gets blocked, not just logged.
+> *"A better dashboard doesn't make the agents more reliable. The hard part isn't visibility. It's trust."*
+>
+> — **Rob May**, CEO & co-founder, Neurometric AI, quoted in [The New Stack](https://thenewstack.io/claude-code-agent-view/) on Anthropic's Claude Code Agent View (May 2026).
 >
-> Published in the [MCP Registry](https://registry.modelcontextprotocol.io) (`io.github.IgorGanapolsky/thumbgate`) and usable as a one-line Claude connector.
+> ThumbGate is the open-source layer that makes the trust part real: PreToolUse gates, thumbs-down to rule, audit trail on every interception.
 
 ---
 
@@ -124,11 +109,37 @@ ThumbGate doesn't make your agent smarter. It makes your agent *cheaper to be wr
 
 ---
 
+## 🧠 The Context Brain
+
+Every coding agent starts each session amnesiac — it has no memory of the mistakes it made yesterday, the fixes your team already rejected, or the rules this repo enforces. So it repeats them, and you pay for it again.
+
+ThumbGate gives your repo a **context brain**: a single, versioned, agent-readable artifact that consolidates everything the agent should know *before it acts* — the lessons it has learned, the guardrails it must not cross, the gates that are enforced, and the project's own instruction files.
+
+```bash
+npx thumbgate brain --write     # → .thumbgate/BRAIN.md
+```
+
+Then point your agent at it — add `Read .thumbgate/BRAIN.md first` to your `CLAUDE.md` / `AGENTS.md`, and every Claude Code, Codex, Cursor, or Gemini CLI session boots with your repo's institutional memory already loaded. The output is **deterministic**, so `BRAIN.md` lives in git and only changes when the underlying memory does — review it like any other file.
+
+```
+# ThumbGate Context Brain
+## What this codebase taught its agents (lessons)
+- ⛔ Force-pushing to main was rejected — use --force-with-lease on feature branches only
+## Guardrails — do NOT repeat these (prevention rules)
+- Never run DROP on production tables
+## Active enforcement (gates)
+- `DROP.*production` → block
+```
+
+Same idea the SEO world is now calling a *"client brain"* — persistent context that AI reads before doing the work — applied to **engineering**: the institutional memory that stops your coding agent from relearning the same lesson on your dime.
+
+---
+
 ## Quick Start
 
 ```bash
 npx thumbgate init                                                         # auto-detects your agent, wires everything
-npx thumbgate capture --feedback=down --context="Never run DROP on production tables"
+npx thumbgate capture down "Never run DROP on production tables"
 ```
 
 That single command creates a prevention rule. Next time any AI agent tries to run `DROP` on production:
@@ -313,8 +324,9 @@ ThumbGate sells three concrete outcomes:
 ```bash
 npx thumbgate init                                              # detect agent, wire hooks
 npx thumbgate doctor                                            # health check
-npx thumbgate capture --feedback=up|down --context="<text>"    # capture a signal as a stored lesson
+npx thumbgate capture up|down "<text>"                         # capture a signal as a stored lesson (positional format)
 npx thumbgate lessons                                           # see what's been learned
+npx thumbgate brain --write                                     # build .thumbgate/BRAIN.md — the agent-readable context brain
 npx thumbgate explore    # terminal explorer for lessons, checks, stats
 npx thumbgate background-governance  # review background-agent run risk
 npx thumbgate model-candidates --workload=dashboard-analysis --provider=openai --json  # evaluate GPT-5.5 routing
@@ -332,8 +344,8 @@ npx thumbgate bench --programbench-smoke  # include cleanroom whole-repo proof l
 | | Free | Pro ($19/mo) | Team ($49/seat/mo) | Enterprise |
 |---|---|---|---|---|
 | Local CLI + enforced checks | ✅ | ✅ | ✅ | ✅ |
-| Feedback captures | 5/day, 25 total | Unlimited | Unlimited | Unlimited |
-| Auto-promoted prevention rules | 3 active | Unlimited | Unlimited | Unlimited |
+| Feedback captures (lifetime) | 3 | Unlimited | Unlimited | Unlimited |
+| Auto-promoted prevention rules | 1 | Unlimited | Unlimited | Unlimited |
 | MCP agent integrations | All | All | All | All |
 | Personal dashboard | — | ✅ | ✅ | ✅ |
 | DPO export (model fine-tuning) | — | ✅ | ✅ | ✅ |
@@ -346,9 +358,9 @@ npx thumbgate bench --programbench-smoke  # include cleanroom whole-repo proof l
 | Compliance audit export | — | — | — | ✅ |
 | Dedicated onboarding + SLA | — | — | — | ✅ |
 
-The free tier gives you 5 feedback captures/day, 25 total captures, and up to 3 active auto-promoted prevention rules — enough to prove value without replacing Pro for daily operators. MCP integrations for all agents (Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode) ship free.
+The free tier gives you unlimited feedback captures and up to 5 active auto-promoted prevention rules — generous enough to make ThumbGate part of your daily flow. MCP integrations for all agents (Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode) ship free.
 
-Pro ($19/mo or $149/yr) removes the capture/rule caps and adds history-aware lesson recall, lesson search, DPO export, hosted sync, and a personal dashboard. Team ($49/seat/mo) adds a shared hosted lesson DB, org dashboard, and shared enforcement across the org. Enterprise adds regulatory gate templates (legal intake, financial compliance, healthcare), custom policy layers scoped to firm/practice-area, compliance audit export, and dedicated onboarding with SLA.
+Pro ($19/mo or $149/yr) removes the rule cap and adds history-aware lesson recall, lesson search, DPO export, and a personal dashboard. Team ($49/seat/mo) adds a shared hosted lesson DB, org dashboard, and shared enforcement across the org. Enterprise adds regulatory gate templates (legal intake, financial compliance, healthcare), custom policy layers scoped to firm/practice-area, compliance audit export, and dedicated onboarding with SLA.
 
 **Best first paid motion for teams:** the **Workflow Hardening Sprint** — qualify one repeated failure before committing to a full rollout. **[Start intake →](https://thumbgate.ai/?utm_source=github&utm_medium=readme&utm_campaign=team_rollout#workflow-sprint-intake)**
 
@@ -437,7 +449,7 @@ curl -X POST http://localhost:3456/v1/dpo/export \
 | Layer | Technology |
 |-------|-----------|
 | **Storage** | SQLite + FTS5, LanceDB vectors, JSONL logs |
-| **Capture** | 10/day on Free; unlimited on Pro/Team |
+| **Capture** | Unlimited feedback captures (free + Pro) |
 | **Intelligence** | MemAlign dual recall, Thompson Sampling |
 | **Enforcement** | PreToolUse hook engine, Checks config |
 | **Interfaces** | MCP stdio, HTTP API, CLI (Node.js >=18) |
@@ -488,6 +500,26 @@ Free and self-hosted users can invoke `search_lessons` directly through MCP, and
 
 ---
 
+## Enterprise Gating (Vertex AI & Google Cloud)
+
+For enterprise subscriptions, ThumbGate natively integrates with Google Cloud Platform and **Vertex AI** to route all agent checks through compliant Gemini models inside your corporate VPC.
+
+### Zero-Friction Setup
+To instantly wire your local installation to Google Cloud, simply run:
+```bash
+npx thumbgate setup-vertex
+```
+* **Auto-Discovery:** Automatically detects your active authenticated `gcloud` session and active project ID.
+* **Auto-Enablement:** Programmatically enables the Vertex AI API in your project.
+* **Auto-Configuration:** Writes secure billing and project credentials directly to your local `.env` file.
+
+### Zero-Friction Cost Containment ($10/mo Hard Cap)
+Google Cloud budget alerts are "alert-only" and do not stop API traffic, risking unexpected bill shock. ThumbGate completely resolves this on the client side:
+* **Instant Shutdown:** ThumbGate maintains a lightweight, local token ledger and instantly halts outgoing API traffic the millisecond your monthly token spending approaches the **$10 limit** (500k tokens of Gemini 1.5 Flash).
+* **Bypasses Console Complexity:** Requires **zero** GCP web console setups, zero Pub/Sub topics, and zero Cloud Functions. Perfect for non-technical managers and teams.
+
+---
+
 ## FAQ
 
 **Is ThumbGate a model fine-tuning tool?**
@@ -500,9 +532,9 @@ Those are suggestions the agent can ignore. ThumbGate checks are enforced — th
 If it supports MCP or pre-action hooks, yes. Claude Code, Claude Desktop, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode all work out of the box.
 
 **Is it free?**
-The free tier gives you 5 feedback captures/day, 25 total captures, and up to 3 active auto-promoted prevention rules. MCP integrations ship free for every agent.
+The free tier gives you unlimited feedback captures and up to 5 active auto-promoted prevention rules — generous enough for solo devs to use daily. MCP integrations ship free for every agent.
 
-Pro ($19/mo or $149/yr) removes the capture/rule caps and adds history-aware lesson recall, lesson search, hosted sync, and a personal dashboard. Team ($49/seat/mo) adds a shared hosted lesson DB, org dashboard, and shared enforcement.
+Pro ($19/mo or $149/yr) removes the rule cap and adds history-aware lesson recall, lesson search, and a personal dashboard. Team ($49/seat/mo) adds a shared hosted lesson DB, org dashboard, and shared enforcement.
 
 ---
 
@@ -519,9 +551,8 @@ Pro ($19/mo or $149/yr) removes the capture/rule caps and adds history-aware les
 - [Agent Workflow Contract](WORKFLOW.md) — the agent-run contract for all ThumbGate operations
 - [Ready for Agent Intake](https://github.com/IgorGanapolsky/ThumbGate/issues/new?template=ready-for-agent.yml) — ready-for-agent intake template
 - [SEO Guide: Claude Code Guardrails](docs/learn/claude-code-guardrails.md)
-- [Unsupervised Learning Signals](docs/UL.md) — silent-failure clustering (experimental, behind `THUMBGATE_SILENT_FAILURE_CLUSTERING=1`; only useful on workspaces with ≥ 50 tool calls/day)
+- [Unsupervised Learning Signals](docs/UL.md) — silent-failure clustering (**on by default** as of 2026-05-21; opt out via `THUMBGATE_SILENT_FAILURE_CLUSTERING=0`; only meaningfully active on workspaces with ≥ 50 tool calls/day)
 - [ThumbGate-Core](https://github.com/IgorGanapolsky/ThumbGate-Core) — private core for hosted overlays, ranking, policy synthesis, billing intelligence, and org/team workflows
-- [mac-yolo-safeguards](https://github.com/IgorGanapolsky/mac-yolo-safeguards?utm_source=thumbgate&utm_medium=readme&utm_campaign=companion_kit) — OS-level companion kit (macOS). ThumbGate stops the agent from billing you for repeated mistakes (token-layer governance). mac-yolo-safeguards stops the agent from freezing your Mac when it spawns runaway processes (OS-layer blast-radius containment). Same author, MIT, no telemetry.
 
 ---
 

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.26.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.26.1", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.26.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.26.1", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -70,6 +70,20 @@ const {
   verifyClaimEvidence,
   registerClaimGate,
 } = require('../../scripts/gates-engine');
+const { mergeRepeatMetricIntoGateStats } = require('../../scripts/repeat-metric');
+const {
+  detectNoop,
+  computeActionStateHash,
+  recordActionAttempt,
+  isRepeatAttempt,
+} = require('../../scripts/noop-detect');
+const {
+  recordReceipt,
+  getReceiptForAction,
+  getRecentReceipts,
+  pairFeedbackWithReceipt,
+  buildReceiptContextEntries,
+} = require('../../scripts/action-receipts');
 const {
   evaluateOperationalIntegrity,
 } = require('../../scripts/operational-integrity');
@@ -216,7 +230,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.26.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.26.1' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -524,6 +538,28 @@ function buildContextPackResponse(args = {}) {
     maxChars: Number(args.maxChars || 6000),
     namespaces,
   });
+  // Feed outcome-paired action receipts into the pack so an action->outcome
+  // history is available alongside lessons/rules. Additive + guarded: a
+  // receipt-store failure must never break context pack construction.
+  try {
+    const receiptEntries = buildReceiptContextEntries(args.query || '', Number(args.maxItems || 8));
+    if (Array.isArray(receiptEntries) && receiptEntries.length && Array.isArray(pack.items)) {
+      for (const entry of receiptEntries) {
+        pack.items.push({
+          id: `action-receipt_${entry && entry.score != null ? entry.score : ''}_${pack.items.length}`,
+          namespace: 'action-receipts',
+          title: 'Action receipt outcome',
+          structuredContext: { rawContent: entry && entry.text ? String(entry.text) : '' },
+          tags: ['action-receipt', 'outcome-paired'],
+          score: entry && typeof entry.score === 'number' ? entry.score : 0,
+        });
+      }
+      if (!Array.isArray(pack.namespaces)) pack.namespaces = [];
+      if (!pack.namespaces.includes('action-receipts')) pack.namespaces.push('action-receipts');
+    }
+  } catch {
+    // ignore receipt enrichment failures
+  }
   return toTextResult(pack);
 }
 
@@ -670,9 +706,13 @@ async function callToolInner(name, args) {
   if (name === 'describe_reliability_entity') name = 'describe_semantic_entity';
 
   switch (name) {
-    case 'capture_feedback':
-
-      return toCaptureFeedbackTextResult(captureFeedback(args));
+    case 'capture_feedback': {
+      // Outcome-paired lessons: enrich the feedback payload with the matching
+      // action receipt (this action -> this outcome) before promotion. Returns
+      // args unchanged when there is no matching receipt (non-breaking).
+      const pairedFeedback = pairFeedbackWithReceipt(args);
+      return toCaptureFeedbackTextResult(captureFeedback(pairedFeedback));
+    }
     case 'feedback_summary':
       return toTextResult(feedbackSummary(Number(args.recent || 20)));
     case 'search_lessons': {
@@ -949,12 +989,49 @@ async function callToolInner(name, args) {
       });
     case 'track_action': {
       const entry = trackAction(args.actionId, args.metadata || {});
-      return toTextResult({
+      const result = {
         tracked: true,
         actionId: args.actionId,
         ...entry,
+      };
+      // No-op / repeat signal: when the caller carries a precomputed state hash
+      // in metadata, surface whether this exact (action, state) was already
+      // attempted this session. Additive flag, non-breaking.
+      const metadataStateHash = args.metadata && args.metadata.stateHash;
+      if (metadataStateHash) {
+        try {
+          result.repeatSignal = isRepeatAttempt(
+            (args.metadata && args.metadata.sessionId) || 'default',
+            args.actionId,
+            metadataStateHash,
+          );
+        } catch {
+          // repeat detection is best-effort
+        }
+      }
+      return toTextResult(result);
+    }
+    case 'detect_noop': {
+      const stateHash = computeActionStateHash(args);
+      const noop = detectNoop(args);
+      const sessionId = args.sessionId || 'default';
+      const repeat = isRepeatAttempt(sessionId, args.actionId, stateHash);
+      recordActionAttempt(sessionId, args.actionId, stateHash);
+      return toTextResult({
+        noop: noop.noop,
+        repeat,
+        reason: noop.reason,
+        stateHash,
       });
     }
+    case 'record_action_receipt':
+      return toTextResult(recordReceipt(args));
+    case 'get_action_receipts':
+      return toTextResult(
+        args.actionId
+          ? getReceiptForAction(args.actionId)
+          : getRecentReceipts(Number(args.limit || 20)),
+      );
     case 'verify_claim':
       return toTextResult(verifyClaimEvidence(args.claim, { goalContract: args.goalContract }));
     case 'require_evidence_for_claim': {
@@ -1084,7 +1161,7 @@ async function callToolInner(name, args) {
     case 'register_claim_gate':
       return toTextResult(registerClaimGate(args.claimPattern, args.requiredActions, args.message));
     case 'gate_stats':
-      return toTextResult(loadGateStats());
+      return toTextResult(mergeRepeatMetricIntoGateStats(loadGateStats()));
     case 'dashboard':
       return toTextResult(generateDashboard(getFeedbackPaths().FEEDBACK_DIR));
     case 'org_dashboard':

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.26.0",
+        "thumbgate@1.26.1",
         "thumbgate",
         "serve"
       ],