thumbgate 1.26.1 → 1.26.2

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.26.1",
+  "version": "1.26.2",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -14,7 +14,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.26.1",
+      "version": "1.26.2",
       "author": {
         "name": "Igor Ganapolsky",
         "email": "ig5973700@gmail.com",

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
-  "version": "1.26.1",
+  "version": "1.26.2",
   "author": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com",

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.26.1",
+  "version": "1.26.2",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate.ai",
   "transport": "stdio",

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.26.1", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.26.2", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.26.1", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.26.2", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -230,7 +230,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.26.1' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.26.2' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.26.1",
+        "thumbgate@1.26.2",
         "thumbgate",
         "serve"
       ],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.26.1",
+  "version": "1.26.2",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate.ai",
   "repository": {
@@ -136,6 +136,7 @@
     "scripts/noop-detect.js",
     "scripts/obsidian-export.js",
     "scripts/operational-dashboard.js",
+    "scripts/operational-summary.js",
     "scripts/operational-integrity.js",
     "scripts/oss-pr-opportunity-scout.js",
     "scripts/otel-declarative-config.js",

package/public/index.html

@@ -20,7 +20,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:image" content="https://thumbgate.ai/og.png">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://thumbgate.ai/og.png">
-<meta name="thumbgate-version" content="1.26.1">
+<meta name="thumbgate-version" content="1.26.2">
 <meta name="keywords" content="ThumbGate, thumbgate, AI agent orchestration, AI experience orchestration, agentic development cycle, AC/DC framework, Guide Generate Verify Solve, agent enforcement layer, save LLM tokens, reduce Claude API cost, reduce OpenAI cost, AI agent token savings, prevent LLM retries, prevent hallucination retries, stop AI token waste, pre-action checks, agent governance, Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, workflow hardening, context engineering, AI authenticity, brand authenticity AI">
 <link rel="canonical" href="__APP_ORIGIN__/">
 <link rel="alternate" type="text/markdown" title="ThumbGate LLM context" href="__APP_ORIGIN__/llm-context.md">
@@ -1594,7 +1594,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.26.1</span>
+    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.26.2</span>
   </div>
 </footer>
 

package/public/numbers.html

@@ -25,7 +25,7 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.26.1",
+  "softwareVersion": "1.26.2",
   "url": "https://thumbgate.ai/numbers",
   "dateModified": "2026-05-07",
   "creator": {
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.26.1</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.26.2</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
 
   <h2>Gate enforcement</h2>

package/scripts/operational-summary.js

@@ -0,0 +1,178 @@
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const os = require('node:os');
+const { getBillingSummaryLive } = require('./billing');
+const { resolveAnalyticsWindow } = require('./analytics-window');
+const { resolveHostedBillingConfig } = require('./hosted-config');
+
+// Configure fetch proxy when running behind a corporate/sandbox proxy
+(function configureProxy() {
+  const proxyUrl = process.env.HTTPS_PROXY || process.env.https_proxy
+    || process.env.HTTP_PROXY || process.env.http_proxy;
+  if (!proxyUrl) return;
+  try {
+    const { ProxyAgent, setGlobalDispatcher } = require('undici');
+    setGlobalDispatcher(new ProxyAgent(proxyUrl));
+  } catch {
+    // undici not available — fetch will use default dispatcher
+  }
+}());
+
+const OPERATOR_CONFIG_PATH = path.join(os.homedir(), '.config', 'thumbgate', 'operator.json');
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return null;
+  const text = String(value).trim();
+  return text || null;
+}
+
+function loadOperatorConfig(configPath = OPERATOR_CONFIG_PATH) {
+  try {
+    const raw = fs.readFileSync(configPath, 'utf8');
+    const parsed = JSON.parse(raw);
+    return {
+      operatorKey: normalizeText(parsed.operatorKey),
+      baseUrl: normalizeText(parsed.baseUrl),
+    };
+  } catch {
+    return { operatorKey: null, baseUrl: null };
+  }
+}
+
+function shouldPreferHostedSummary() {
+  return String(process.env.THUMBGATE_METRICS_SOURCE || '').trim().toLowerCase() !== 'local';
+}
+
+function resolveHostedSummaryConfig() {
+  const runtimeConfig = resolveHostedBillingConfig();
+  const operatorConfig = loadOperatorConfig();
+  // Priority: env THUMBGATE_OPERATOR_KEY > local config file > env THUMBGATE_API_KEY
+  const apiKey = normalizeText(process.env.THUMBGATE_OPERATOR_KEY)
+    || operatorConfig.operatorKey
+    || normalizeText(process.env.THUMBGATE_API_KEY);
+  const apiBaseUrl = normalizeText(process.env.THUMBGATE_BILLING_API_BASE_URL)
+    || operatorConfig.baseUrl
+    || runtimeConfig.billingApiBaseUrl;
+  return {
+    apiBaseUrl,
+    apiKey,
+  };
+}
+
+async function fetchHostedBillingSummary(options = {}, config = resolveHostedSummaryConfig()) {
+  const analyticsWindow = resolveAnalyticsWindow(options);
+  if (!shouldPreferHostedSummary()) {
+    const err = new Error('Hosted operational summary is disabled.');
+    err.code = 'hosted_summary_disabled';
+    throw err;
+  }
+  if (!config.apiBaseUrl || !config.apiKey) {
+    const err = new Error('Hosted operational summary is not configured.');
+    err.code = 'hosted_summary_unconfigured';
+    throw err;
+  }
+
+  const requestUrl = new URL('/v1/billing/summary', config.apiBaseUrl);
+  requestUrl.searchParams.set('window', analyticsWindow.window);
+  requestUrl.searchParams.set('timezone', analyticsWindow.timeZone);
+  if (options.now !== undefined && options.now !== null && options.now !== '') {
+    requestUrl.searchParams.set('now', analyticsWindow.now);
+  }
+
+  const response = await fetch(requestUrl, {
+    method: 'GET',
+    headers: {
+      authorization: `Bearer ${config.apiKey}`,
+      accept: 'application/json',
+    },
+  });
+
+  if (!response.ok) {
+    const detail = await response.text().catch(() => '');
+    const err = new Error(`Hosted operational summary request failed (${response.status}): ${detail || 'unknown error'}`);
+    err.code = 'hosted_summary_http_error';
+    err.status = response.status;
+    throw err;
+  }
+
+  return response.json();
+}
+
+async function getOperationalBillingSummary(options = {}) {
+  const analyticsWindow = resolveAnalyticsWindow(options);
+  try {
+    const summary = await fetchHostedBillingSummary(analyticsWindow);
+    return {
+      source: 'hosted',
+      summary,
+      fallbackReason: null,
+      hostedStatus: 200,
+      summaryWindow: analyticsWindow.window,
+    };
+  } catch (err) {
+    const reason = err && err.message ? err.message : 'hosted_summary_unavailable';
+    const status = err && typeof err.status === 'number' ? err.status : null;
+    const code = err && err.code ? err.code : null;
+
+    // Hosted deliberately disabled or never configured — local fallback is
+    // intentional, not a degraded state. Tag as plain 'local'.
+    if (code === 'hosted_summary_disabled' || code === 'hosted_summary_unconfigured') {
+      return {
+        source: 'local',
+        summary: await getBillingSummaryLive(analyticsWindow),
+        fallbackReason: reason,
+        hostedStatus: null,
+        summaryWindow: analyticsWindow.window,
+      };
+    }
+
+    // Auth failure is the most dangerous case: if hosted Stripe data says
+    // we have paid customers and local ledgers are empty, silently returning
+    // "$0.00" is a lie that hides actual revenue. Refuse to guess — surface
+    // an actionable error so the operator fixes the key before any
+    // downstream report renders wrong numbers.
+    if (status === 401 || status === 403) {
+      const authErr = new Error(
+        `Hosted billing summary rejected credentials (HTTP ${status}). ` +
+        `The operator key on this machine does not match the one on the ` +
+        `hosted deployment. Fix: set THUMBGATE_OPERATOR_KEY in this shell, ` +
+        `or update the operatorKey field in ~/.config/thumbgate/operator.json, ` +
+        `to match Railway's THUMBGATE_OPERATOR_KEY. ` +
+        `Running this command without hosted auth would report local-only ` +
+        `data as ground truth, which may not reflect actual Stripe revenue. ` +
+        `Original response: ${reason}`
+      );
+      authErr.code = 'hosted_summary_unauthorized';
+      authErr.status = status;
+      throw authErr;
+    }
+
+    // Non-auth failure (network, 5xx, config) — local fallback is still
+    // useful for dev workflows, but tag the source so downstream renderers
+    // and agents do not mistake it for verified hosted truth.
+    //
+    // Log only the status code (trusted) — the full reason contains upstream
+    // response text and is only returned structurally via fallbackReason.
+    console.warn(
+      `[operational-summary] Hosted billing unreachable (status=${status ?? 'network'}); ` +
+      `falling back to LOCAL-UNVERIFIED state. Numbers below may not reflect actual Stripe revenue.`
+    );
+    return {
+      source: 'local-unverified',
+      summary: await getBillingSummaryLive(analyticsWindow),
+      fallbackReason: reason,
+      hostedStatus: status,
+      summaryWindow: analyticsWindow.window,
+    };
+  }
+}
+
+module.exports = {
+  fetchHostedBillingSummary,
+  getOperationalBillingSummary,
+  resolveHostedSummaryConfig,
+  shouldPreferHostedSummary,
+  loadOperatorConfig,
+};