thumbgate 1.26.5 → 1.26.7

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.26.5",
+  "version": "1.26.7",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -14,7 +14,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.26.5",
+      "version": "1.26.7",
       "author": {
         "name": "Igor Ganapolsky",
         "email": "ig5973700@gmail.com",

package/.claude-plugin/plugin.json

@@ -1,14 +1,14 @@
 {
   "name": "thumbgate",
   "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
-  "version": "1.26.5",
+  "version": "1.26.7",
   "author": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com",
     "url": "https://thumbgate.ai"
   },
   "homepage": "https://thumbgate.ai",
-  "repository": "git+https://github.com/IgorGanapolsky/ThumbGate",
+  "repository": "https://github.com/IgorGanapolsky/ThumbGate",
   "license": "MIT",
   "category": "developer-tools",
   "keywords": [

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.26.5",
+  "version": "1.26.7",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate.ai",
   "transport": "stdio",

package/README.md

@@ -335,8 +335,36 @@ npx thumbgate dashboard  # open local dashboard
 npx thumbgate serve      # start MCP server on stdio
 npx thumbgate bench      # run reliability benchmark
 npx thumbgate bench --programbench-smoke  # include cleanroom whole-repo proof lane
+npx thumbgate break-glass --reason="ThumbGate over-fired"  # short TTL recovery for gate over-fire
 ```
 
+### Recovery if a gate over-fires
+
+ThumbGate should block repeated unsafe actions, not trap the operator. If a noisy rule or stale memory pattern blocks the hook/settings change you need to recover, open a short-lived break-glass window:
+
+```bash
+npx thumbgate break-glass --reason="ThumbGate over-fired and blocked operator recovery"
+```
+
+What this unlocks for up to 5 minutes:
+
+- Edits to `.claude/settings.local.json`, `.claude/settings.json`, `.codex/config.toml`, and the same files inside nested workspaces.
+- The short-lived proof gates used for PR recovery: `pr_create_allowed` and `pr_threads_checked`.
+
+What stays gated:
+
+- Force pushes, protected-branch pushes, broad `rm -rf`, unsafe `chmod`, package publishes/releases, and local-only remote side effects.
+- Arbitrary protected files such as `README.md`, `AGENTS.md`, policy bundles, or credentials.
+
+Verify the recovery window and runtime health before continuing:
+
+```bash
+npx thumbgate break-glass --reason="verify recovery path" --json
+npx thumbgate doctor
+```
+
+If you change MCP or hook settings, restart the affected agent session so Claude Code, Cursor, Codex, or another runtime reloads `.mcp.json` and local settings.
+
 ---
 
 ## Pricing
@@ -505,18 +533,20 @@ Free and self-hosted users can invoke `search_lessons` directly through MCP, and
 For enterprise subscriptions, ThumbGate natively integrates with Google Cloud Platform and **Vertex AI** to route all agent checks through compliant Gemini models inside your corporate VPC.
 
 ### Zero-Friction Setup
-To instantly wire your local installation to Google Cloud, simply run:
+To wire local ThumbGate scoring to Vertex AI, run:
 ```bash
 npx thumbgate setup-vertex
 ```
 * **Auto-Discovery:** Automatically detects your active authenticated `gcloud` session and active project ID.
 * **Auto-Enablement:** Programmatically enables the Vertex AI API in your project.
-* **Auto-Configuration:** Writes secure billing and project credentials directly to your local `.env` file.
+* **Auto-Configuration:** Writes local Vertex routing settings to your `.env` file.
+
+This command does **not** create or verify a live Dialogflow CX agent. On current Google Cloud CLI installs, the old alpha gcloud CX command group is not available; verify Conversational Agents / Dialogflow CX with the Google Cloud console or the official Dialogflow CX REST API (`projects.locations.agents`) before claiming a live DFCX deployment.
 
 ### Zero-Friction Cost Containment ($10/mo Hard Cap)
 Google Cloud budget alerts are "alert-only" and do not stop API traffic, risking unexpected bill shock. ThumbGate completely resolves this on the client side:
 * **Instant Shutdown:** ThumbGate maintains a lightweight, local token ledger and instantly halts outgoing API traffic the millisecond your monthly token spending approaches the **$10 limit** (500k tokens of Gemini 1.5 Flash).
-* **Bypasses Console Complexity:** Requires **zero** GCP web console setups, zero Pub/Sub topics, and zero Cloud Functions. Perfect for non-technical managers and teams.
+* **Bypasses extra shutdown plumbing:** Requires no Pub/Sub or Cloud Functions for the local ThumbGate-side stop condition. You still need normal Google Cloud billing/API setup and live-agent verification for DFCX pilots.
 
 ---
 

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.26.5", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.26.7", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.26.5", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.26.7", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -231,7 +231,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.26.5' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.26.7' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.26.5",
+        "thumbgate@1.26.7",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -700,10 +700,11 @@ async function setupVertex() {
   // 4. Print gorgeous success activation box
   console.log('');
   console.log('  ╭──────────────────────────────────────────────────────────╮');
-  console.log('  │  🎉 Vertex AI Setup Complete — ZERO FRICTION!            │');
+  console.log('  │  Vertex AI Setup Complete                                │');
   console.log('  │                                                         │');
-  console.log('  │  ThumbGate is now fully wired to your GCP environment.   │');
-  console.log('  │  All agent checks will route securely via Vertex AI.     │');
+  console.log('  │  ThumbGate wrote local Vertex routing config.            │');
+  console.log('  │  This does not create or verify a Dialogflow CX agent.   │');
+  console.log('  │  Verify DFCX with the console or Dialogflow CX REST API. │');
   console.log('  │                                                         │');
   console.log('  │  Try a test run:                                        │');
   console.log('  │  npx thumbgate feedback-self-test                       │');
@@ -2407,6 +2408,11 @@ function optimize() {
   doOptimize();
 }
 
+function syncGcp() {
+  const { syncToGcp } = require(path.join(PKG_ROOT, 'adapters', 'gcp', 'sync.js'));
+  syncToGcp();
+}
+
 function cleanup() {
   console.log('Cleaning up ThumbGate processes...');
   try {
@@ -2963,7 +2969,7 @@ const SUBCOMMAND_HELP = {
   suggest:       'Usage: npx thumbgate suggest <gate-id>\n\nSuggest fixes for a specific gate based on lesson history.',
   cost:          'Usage: npx thumbgate cost [--json] [--stats <path>] [--mix \'{"claude-sonnet-4-5":0.8,...}\']\n\nShow cumulative $ and tokens saved by PreToolUse gate blocks. Reads ~/.thumbgate/gate-stats.json.',
   savings:       'Usage: npx thumbgate savings [--json] [--stats <path>] [--mix \'{"claude-sonnet-4-5":0.8,...}\']\n\nAlias for `thumbgate cost`.',
-  'setup-vertex': 'Usage: npx thumbgate setup-vertex\n\nAuto-enable Vertex AI API on GCP and write secure credentials to local .env.',
+  'setup-vertex': 'Usage: npx thumbgate setup-vertex\n\nAuto-enable Vertex AI API on GCP and write local Vertex routing config to .env. This does not create or verify a Dialogflow CX agent; use the Dialogflow CX REST API or console for live-agent evidence.',
   brain: 'Usage: npx thumbgate brain [--write] [--json] [--limit=N]\n\nBuild the agent-readable "context brain" — a single artifact consolidating this\nrepo\'s lessons, prevention rules, active gates, and project context for a coding\nagent to read BEFORE acting. --write saves it to .thumbgate/BRAIN.md (versioned,\ndeterministic). --json emits the structured model. --limit caps lessons (default 15).',
 };
 
@@ -3120,6 +3126,9 @@ switch (COMMAND) {
   case 'cleanup':
     cleanup();
     break;
+  case 'sync-gcp':
+    syncGcp();
+    break;
   case 'gate-check':
     gateCheck().catch((err) => {
       console.error(err && err.message ? err.message : err);

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "thumbgate",
-  "version": "1.26.5",
+  "version": "1.26.7",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate.ai",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/IgorGanapolsky/ThumbGate.git"
+    "url": "https://github.com/IgorGanapolsky/ThumbGate.git"
   },
   "bugs": {
     "url": "https://github.com/IgorGanapolsky/ThumbGate/issues"
@@ -63,6 +63,7 @@
     "scripts/context-manager.js",
     "scripts/contextfs.js",
     "scripts/conversation-context.js",
+    "scripts/dashboard-chat.js",
     "scripts/dashboard-render-spec.js",
     "scripts/dashboard.js",
     "scripts/decision-journal.js",

package/public/dashboard.html

@@ -189,11 +189,18 @@
   .settings-card .team-value, .origin-value { font-size: 18px; font-weight: 700; color: var(--text); margin-top: 8px; word-break: break-word; }
   .origin-list, .layer-list, .routing-list { display: flex; flex-direction: column; gap: 12px; }
   .origin-note, .layer-note, .routing-note { font-size: 13px; color: var(--text-muted); line-height: 1.55; }
+  .enterprise-chat-layout { display: grid; grid-template-columns: minmax(0, 1.3fr) minmax(260px, 0.7fr); gap: 16px; align-items: start; }
+  .enterprise-chat-box { min-height: 110px; resize: vertical; width: 100%; background: var(--bg-raised); border: 1px solid var(--border); border-radius: 8px; padding: 12px 14px; color: var(--text); font-size: 14px; font-family: var(--font); line-height: 1.5; }
+  .enterprise-chat-box:focus { outline: none; border-color: var(--cyan); }
+  .enterprise-answer { margin-top: 14px; background: var(--bg-raised); border: 1px solid var(--border); border-radius: 10px; padding: 16px; min-height: 92px; font-size: 14px; color: var(--text); line-height: 1.65; }
+  .enterprise-answer.blocked { border-color: rgba(248,113,113,0.45); background: rgba(248,113,113,0.07); }
+  .enterprise-source-list { display: flex; flex-wrap: wrap; gap: 8px; margin-top: 12px; }
+  .enterprise-source { font-size: 11px; border: 1px solid var(--border); border-radius: 999px; padding: 4px 9px; color: var(--text-muted); background: var(--bg-card); }
 
   @media (max-width: 700px) {
     .stats-grid { grid-template-columns: repeat(2, 1fr); }
     .search-filters { flex-wrap: wrap; }
-    .team-grid, .template-grid, .team-columns, .settings-grid, .generated-grid, .inventory-grid { grid-template-columns: 1fr; }
+    .team-grid, .template-grid, .team-columns, .settings-grid, .generated-grid, .inventory-grid, .enterprise-chat-layout { grid-template-columns: 1fr; }
   }
 </style>
 </head>
@@ -253,6 +260,19 @@
     <a class="stat-card" data-card-action="gates" onclick="selectCard(this,'gates');return false;" href="#" style="cursor:pointer;text-decoration:none;color:inherit;display:block;" title="Click to view active checks"><div class="stat-label">Active Gates</div><div class="stat-value cyan" id="statGates">—</div></a>
   </div>
 
+  <div class="panel" id="chatPanel" style="margin-bottom:20px;">
+    <div style="display:flex;align-items:baseline;gap:10px;flex-wrap:wrap;margin-bottom:10px;">
+      <h2 style="margin:0;">💬 Chat with your data</h2>
+      <span style="font-size:13px;color:var(--text-muted);">Ask about your captured lessons, mistakes, and rules — answered by Gemini, grounded only in your data.</span>
+    </div>
+    <div id="chatMessages" style="max-height:360px;overflow-y:auto;margin-bottom:12px;display:none;padding-right:4px;"></div>
+    <div style="display:flex;gap:8px;">
+      <input id="chatInput" class="auth-input" style="flex:1;" placeholder="e.g. What mistakes have we made, and how do we avoid them?" onkeydown="if(event.key==='Enter'){event.preventDefault();sendChat();}" />
+      <button class="btn" id="chatSend" onclick="sendChat()">Ask</button>
+    </div>
+    <div id="chatHint" style="font-size:12px;color:var(--text-muted);margin-top:8px;">Powered by your captured lessons + Gemini. Set <code style="font-family:var(--mono);">GEMINI_API_KEY</code> (<code style="font-family:var(--mono);">npx thumbgate setup-vertex --write</code>) to enable.</div>
+  </div>
+
   <div class="panel" id="reviewDeltaPanel" style="margin-bottom:20px;">
     <div style="display:flex;justify-content:space-between;gap:16px;align-items:flex-start;flex-wrap:wrap;">
       <div>
@@ -284,6 +304,7 @@
     <div class="tab active" onclick="switchTab('search')">🔍 Search Memories</div>
     <div class="tab" onclick="switchTab('gates')">🛡️ Active Gates</div>
     <div class="tab" onclick="switchTab('team')">👥 Team</div>
+    <div class="tab" onclick="switchTab('enterprise')">🏢 Enterprise Chat</div>
     <div class="tab" onclick="switchTab('generated')">🧩 Generated Views</div>
     <div class="tab" onclick="switchTab('settings')">⚙️ Policy Origins</div>
     <div class="tab" onclick="switchTab('templates')">🧱 Gate Templates</div>
@@ -387,6 +408,33 @@
     </div>
   </div>
 
+  <!-- ENTERPRISE CHAT TAB -->
+  <div class="tab-content" id="tab-enterprise">
+    <div class="templates-section">
+      <h2>Enterprise Dialogflow Data Chat</h2>
+      <p class="template-summary">Ask questions over local ThumbGate feedback, lessons, gates, team posture, and Vertex/DFCX readiness. This local panel uses ThumbGate's DFCX-compatible guard before data access; it does not claim a live Google Dialogflow CX agent unless deployment evidence is configured.</p>
+      <div class="enterprise-chat-layout">
+        <div class="panel">
+          <h3>Chat With Local ThumbGate Data</h3>
+          <textarea class="enterprise-chat-box" id="enterpriseChatPrompt" placeholder="Ask: What mistakes are recurring? Which gates blocked the most? Is Vertex configured? What is our DFCX readiness?"></textarea>
+          <div style="display:flex;gap:10px;align-items:center;margin-top:12px;flex-wrap:wrap;">
+            <button class="btn" id="enterpriseChatBtn" onclick="sendEnterpriseChat()">Ask ThumbGate</button>
+            <button class="btn-outline" onclick="setEnterprisePrompt('Which gates are blocking risky actions?')">Gates</button>
+            <button class="btn-outline" onclick="setEnterprisePrompt('What feedback mistakes keep repeating?')">Feedback</button>
+            <button class="btn-outline" onclick="setEnterprisePrompt('Is Vertex and DFCX configured?')">Cloud</button>
+          </div>
+          <div class="enterprise-answer" id="enterpriseChatAnswer">Connect your dashboard, then ask about local ThumbGate data.</div>
+          <div class="enterprise-source-list" id="enterpriseChatSources"></div>
+        </div>
+        <div class="panel">
+          <h3>Enterprise Readiness</h3>
+          <div class="inventory-tools" id="enterpriseStatusCards"><div class="loading">Loading enterprise status...</div></div>
+          <div class="template-summary" style="margin-top:14px;margin-bottom:0;">Live DFCX proof must come from the Conversational Agents console, deployed webhook URL, Cloud Run logs, or the Dialogflow CX REST API <code style="font-family:var(--mono);font-size:12px;">projects.locations.agents</code>.</div>
+        </div>
+      </div>
+    </div>
+  </div>
+
   <!-- GENERATED TAB -->
   <div class="tab-content" id="tab-generated">
     <div class="templates-section">
@@ -637,6 +685,62 @@ function getHeaders() {
   return { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' };
 }
 
+// --- Chat with your data ---------------------------------------------------
+function chatEscape(s) {
+  return String(s == null ? '' : s).replace(/[&<>"']/g, function (c) {
+    return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c];
+  });
+}
+function chatAppend(who, text) {
+  var messages = document.getElementById('chatMessages');
+  var row = document.createElement('div');
+  row.style.cssText = 'margin-bottom:14px;';
+  row.innerHTML = '<div style="font-size:11px;color:var(--text-muted);text-transform:uppercase;letter-spacing:0.5px;margin-bottom:3px;">'
+    + (who === 'you' ? 'You' : 'ThumbGate') + '</div><div class="chat-body" style="line-height:1.5;">' + chatEscape(text) + '</div>';
+  messages.appendChild(row);
+  return row.querySelector('.chat-body');
+}
+function chatRenderAnswer(a) {
+  return chatEscape(a)
+    .replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>')
+    .replace(/\[(\d+)\]/g, '<sup style="color:var(--cyan);font-weight:600;">[$1]</sup>')
+    .replace(/\n/g, '<br>');
+}
+function chatRenderSources(sources) {
+  if (!sources || !sources.length) return '';
+  var items = sources.map(function (s, i) {
+    var label = chatEscape(String(s.title || s.id || '').slice(0, 64));
+    return '<span title="' + label + '" style="display:inline-block;font-size:11px;background:var(--cyan-dim);color:var(--cyan);padding:2px 7px;border-radius:5px;margin:4px 5px 0 0;">[' + (i + 1) + '] ' + label + '</span>';
+  }).join('');
+  return '<div style="margin-top:10px;">' + items + '</div>';
+}
+async function sendChat() {
+  var input = document.getElementById('chatInput');
+  var q = (input.value || '').trim();
+  if (!q) return;
+  var messages = document.getElementById('chatMessages');
+  var sendBtn = document.getElementById('chatSend');
+  messages.style.display = 'block';
+  chatAppend('you', q);
+  input.value = '';
+  sendBtn.disabled = true;
+  var pending = chatAppend('bot', 'Thinking…');
+  try {
+    var res = await fetch('/v1/chat', { method: 'POST', headers: getHeaders(), body: JSON.stringify({ question: q }) });
+    var data = await res.json();
+    if (data && data.ok) {
+      pending.innerHTML = chatRenderAnswer(data.answer) + chatRenderSources(data.sources);
+    } else {
+      pending.innerHTML = '<em style="color:var(--text-muted);">' + chatEscape((data && data.message) || 'Chat is unavailable.') + '</em>';
+    }
+  } catch (e) {
+    pending.innerHTML = '<em style="color:var(--text-muted);">Chat request failed: ' + chatEscape(String((e && e.message) || e)) + '</em>';
+  } finally {
+    sendBtn.disabled = false;
+    messages.scrollTop = messages.scrollHeight;
+  }
+}
+
 function hasBootstrapKey() {
   return LOCAL_PRO_BOOTSTRAP && Boolean(BOOTSTRAP_API_KEY);
 }
@@ -646,25 +750,29 @@ async function connect(options) {
   var input = document.getElementById('apiKey');
   API_KEY = String(opts.key || input.value || '').trim();
   if (!API_KEY) return;
+  
+  const isEnterprise = API_KEY.startsWith('tg_op_') || API_KEY.startsWith('tg_creator_');
+  const tierName = isEnterprise ? 'Enterprise' : 'Pro';
+
   const status = document.getElementById('authStatus');
   const btn = document.getElementById('connectBtn');
   btn.disabled = true;
   status.className = 'auth-status';
-  status.textContent = opts.localPro ? 'Connecting local dashboard...' : 'Connecting...';
+  status.textContent = opts.localPro ? `Connecting local dashboard...` : 'Connecting...';
   try {
     const res = await fetch('/v1/feedback/stats', { headers: getHeaders() });
     if (!res.ok) throw new Error('Invalid API key');
     const data = await res.json();
     status.className = 'auth-status ok';
-    status.textContent = opts.localPro ? '✓ Local Pro dashboard connected' : '✓ Connected';
+    status.textContent = opts.localPro ? `✓ Local ${tierName} connected` : '✓ Connected';
     document.getElementById('dashboardContent').style.display = 'block';
     if (opts.localPro) {
       input.value = 'local-license';
       input.disabled = true;
-      input.placeholder = 'Local Pro auto-connected';
+      input.placeholder = `Local ${tierName} auto-connected`;
       btn.disabled = true;
       document.getElementById('demoBtn').style.display = 'none';
-      document.getElementById('authHelp').textContent = 'Local Pro is active on this machine. Your personal dashboard is using the saved license key automatically.';
+      document.getElementById('authHelp').textContent = `Local ${tierName} is active on this machine. Your dashboard is using the saved license key automatically.`;
     }
     renderStats(data);
     setSelectedCard('all');
@@ -677,7 +785,7 @@ async function connect(options) {
     status.className = 'auth-status err';
     status.textContent = '✗ ' + e.message;
     if (opts.localPro) {
-      document.getElementById('authHelp').textContent = 'Local Pro bootstrap failed. Paste your THUMBGATE_API_KEY manually or retry the local launcher.';
+      document.getElementById('authHelp').textContent = `Local ${tierName} bootstrap failed. Paste your THUMBGATE_API_KEY manually or retry the local launcher.`;
     }
   }
   if (!opts.localPro) {
@@ -1034,9 +1142,14 @@ async function markReviewed() {
   try {
     var res = await fetch('/v1/dashboard/review-state', {
       method: 'POST',
-      headers: getHeaders()
+      headers: getHeaders(),
+      body: JSON.stringify({ reviewedAt: new Date().toISOString() })
     });
-    if (!res.ok) throw new Error('Failed to save review checkpoint');
+    if (!res.ok) {
+      var errText = '';
+      try { errText = await res.text(); } catch (_) { errText = ''; }
+      throw new Error(errText || 'Failed to save review checkpoint');
+    }
     var body = await res.json();
     renderReviewDelta(body.reviewDelta || {});
   } catch (e) {
@@ -1074,6 +1187,7 @@ function renderDashboardData(data) {
   renderRegulatedProof(data.regulatedProof || {});
   renderTemplates(data.templateLibrary || {});
   renderInsights(data);
+  loadEnterpriseDialogflowStatus();
 }
 
 function renderGeneratedViewToolbar(spec) {
@@ -1513,6 +1627,83 @@ function renderTemplates(templateLibrary) {
     : '<div class="empty">No check templates available</div>';
 }
 
+function renderEnterpriseStatus(status) {
+  var target = document.getElementById('enterpriseStatusCards');
+  if (!target) return;
+  var vertex = status && status.vertex ? status.vertex : {};
+  var dfcx = status && status.dfcx ? status.dfcx : {};
+  var rows = [
+    { name: 'Vertex routing', value: vertex.configured ? 'Configured' : 'Not configured', note: vertex.projectId ? ('Project: ' + vertex.projectId + ' · ' + (vertex.location || '')) : 'Run setup-vertex or set GOOGLE_VERTEX_PROJECT.' },
+    { name: 'DFCX live agent', value: dfcx.liveAgentConfigured ? 'Env present' : 'Not proven', note: dfcx.verification || 'Verify with REST/console evidence.' },
+    { name: 'Fulfillment proxy', value: dfcx.fulfillmentProxyConfigured ? 'Configured' : 'Not configured', note: 'Set THUMBGATE_DFCX_FULFILLMENT_URL for a deployed proxy.' },
+    { name: 'gcloud CX command', value: 'Unsupported', note: 'Do not use the old alpha gcloud CX command group; use REST API or console.' }
+  ];
+  target.innerHTML = rows.map(function(row) {
+    return '<div class="inventory-row"><div><div class="inventory-name">' + escHtml(row.name) + '</div><div class="inventory-subtitle">' + escHtml(row.note) + '</div></div><span class="remediation-action">' + escHtml(row.value) + '</span></div>';
+  }).join('');
+}
+
+async function loadEnterpriseDialogflowStatus() {
+  if (!API_KEY || isDemo) {
+    renderEnterpriseStatus({ vertex: {}, dfcx: { verification: 'Connect to load local status.' } });
+    return;
+  }
+  try {
+    var res = await fetch('/v1/enterprise/dialogflow/status', { headers: getHeaders() });
+    if (!res.ok) throw new Error('status unavailable');
+    renderEnterpriseStatus(await res.json());
+  } catch (err) {
+    var target = document.getElementById('enterpriseStatusCards');
+    if (target) target.innerHTML = '<div class="empty">Enterprise status unavailable.</div>';
+  }
+}
+
+function setEnterprisePrompt(prompt) {
+  var input = document.getElementById('enterpriseChatPrompt');
+  if (input) input.value = prompt;
+}
+
+async function sendEnterpriseChat() {
+  var input = document.getElementById('enterpriseChatPrompt');
+  var answer = document.getElementById('enterpriseChatAnswer');
+  var sources = document.getElementById('enterpriseChatSources');
+  var button = document.getElementById('enterpriseChatBtn');
+  var prompt = input ? input.value.trim() : '';
+  if (!prompt) {
+    answer.textContent = 'Ask a question first.';
+    return;
+  }
+  if (!API_KEY) {
+    answer.textContent = 'Connect your dashboard before using Enterprise Chat.';
+    return;
+  }
+  button.disabled = true;
+  answer.className = 'enterprise-answer';
+  answer.textContent = 'Running the DFCX guard and reading local dashboard data...';
+  sources.innerHTML = '';
+  try {
+    var res = await fetch('/v1/enterprise/dialogflow/chat', {
+      method: 'POST',
+      headers: getHeaders(),
+      body: JSON.stringify({ prompt: prompt })
+    });
+    var data = await res.json();
+    if (!res.ok) throw new Error(data.detail || data.error || 'chat failed');
+    answer.className = 'enterprise-answer' + (data.blocked ? ' blocked' : '');
+    answer.textContent = data.answer || 'No answer returned.';
+    var list = Array.isArray(data.sources) ? data.sources : [];
+    sources.innerHTML = list.map(function(source) {
+      return '<span class="enterprise-source">' + escHtml(source) + '</span>';
+    }).join('');
+    renderEnterpriseStatus(data.status || {});
+  } catch (err) {
+    answer.className = 'enterprise-answer blocked';
+    answer.textContent = err.message || 'Enterprise chat failed.';
+  } finally {
+    button.disabled = false;
+  }
+}
+
 document.addEventListener('click', function(event) {
   var tagButton = event.target.closest('.tag[data-tag]');
   if (!tagButton) return;
@@ -2097,6 +2288,7 @@ function renderGateAuditChartFromData(gateAudit) {
     },
   });
 }
+
 </script>
 </body>
 </html>

package/public/index.html

@@ -20,7 +20,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:image" content="https://thumbgate.ai/og.png">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://thumbgate.ai/og.png">
-<meta name="thumbgate-version" content="1.26.5">
+<meta name="thumbgate-version" content="1.26.7">
 <meta name="keywords" content="ThumbGate, thumbgate, AI agent orchestration, AI experience orchestration, agentic development cycle, AC/DC framework, Guide Generate Verify Solve, agent enforcement layer, save LLM tokens, reduce Claude API cost, reduce OpenAI cost, AI agent token savings, prevent LLM retries, prevent hallucination retries, stop AI token waste, pre-action checks, agent governance, Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, workflow hardening, context engineering, AI authenticity, brand authenticity AI">
 <link rel="canonical" href="__APP_ORIGIN__/">
 <link rel="alternate" type="text/markdown" title="ThumbGate LLM context" href="__APP_ORIGIN__/llm-context.md">
@@ -1594,7 +1594,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.26.5</span>
+    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.26.7</span>
   </div>
 </footer>
 

package/public/numbers.html

@@ -25,7 +25,7 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.26.5",
+  "softwareVersion": "1.26.7",
   "url": "https://thumbgate.ai/numbers",
   "dateModified": "2026-05-07",
   "creator": {
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.26.5</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.26.7</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
 
   <h2>Gate enforcement</h2>

package/scripts/dashboard-chat.js

@@ -0,0 +1,138 @@
+'use strict';
+
+// scripts/dashboard-chat.js
+// -----------------------------------------------------------------------------
+// "Chat with your data" — the dashboard chat backend. Answers a natural-language
+// question about THIS install's ThumbGate data (captured lessons + prevention
+// rules) by retrieving the most relevant lessons and asking Gemini to answer
+// grounded ONLY in that retrieved context (RAG). No data leaves the box except
+// the retrieved snippets + the question, sent to the configured Gemini endpoint.
+//
+// Enterprise framing: this is the in-product "chat with your governed data"
+// experience. (The Dialogflow CX messenger widget is the separate path where a
+// customer connects their own DFCX agent + the ThumbGate webhook gate.)
+// -----------------------------------------------------------------------------
+
+const path = require('path');
+
+const GEMINI_ENDPOINT = 'https://generativelanguage.googleapis.com/v1beta/models';
+const DEFAULT_MODEL = 'gemini-2.5-flash';
+const MAX_QUESTION_CHARS = 2000;
+const MAX_CONTEXT_LESSONS = 8;
+
+function resolveApiKey(opts = {}) {
+  return opts.apiKey || process.env.GEMINI_API_KEY || process.env.THUMBGATE_GEMINI_API_KEY || '';
+}
+
+// Retrieve the most relevant stored lessons for the question.
+function retrieveContext(question, opts = {}) {
+  let searchLessons;
+  try {
+    ({ searchLessons } = require(path.join(__dirname, 'lesson-search')));
+  } catch (_) {
+    return [];
+  }
+  let res;
+  try {
+    res = searchLessons(String(question || ''), {
+      limit: MAX_CONTEXT_LESSONS,
+      feedbackDir: opts.feedbackDir,
+    });
+  } catch (_) {
+    return [];
+  }
+  const rows = (res && (res.results || res.lessons)) || [];
+  return rows.slice(0, MAX_CONTEXT_LESSONS).map((l) => ({
+    id: l.id,
+    signal: l.signal || l.feedback || '',
+    title: (l.title || '').replace(/^(?:MISTAKE|SUCCESS):\s*/i, '').slice(0, 160),
+    content: String(l.content || l.context || '').replace(/\s+/g, ' ').trim().slice(0, 600),
+    tags: l.tags || [],
+  })).filter((l) => l.content || l.title);
+}
+
+// Build a grounded RAG prompt. Pure function (testable).
+function buildChatPrompt(question, lessons) {
+  const q = String(question || '').slice(0, MAX_QUESTION_CHARS).trim();
+  const context = (lessons || []).map((l, i) => {
+    const mark = /pos|up/i.test(l.signal) ? 'WORKED' : (/neg|down/i.test(l.signal) ? 'MISTAKE' : 'NOTE');
+    const tags = (l.tags || []).length ? ` [tags: ${l.tags.join(', ')}]` : '';
+    return `(${i + 1}) [${mark}] ${l.title || ''}${tags}\n    ${l.content}`;
+  }).join('\n');
+
+  const system = [
+    'You are ThumbGate\'s "chat with your data" assistant. Answer the user\'s question',
+    'using ONLY the captured lessons below (this team\'s real feedback history).',
+    'Be concise and specific. Cite the lesson numbers you used like [1], [3].',
+    'If the lessons do not contain the answer, say so plainly — do not invent facts.',
+  ].join(' ');
+
+  return `${system}\n\n=== Captured lessons (your data) ===\n${context || '(no relevant lessons found)'}\n\n=== Question ===\n${q}`;
+}
+
+// Parse the Gemini generateContent response into plain text. Pure (testable).
+function parseGeminiAnswer(body) {
+  const parts = body
+    && body.candidates
+    && body.candidates[0]
+    && body.candidates[0].content
+    && body.candidates[0].content.parts;
+  if (!Array.isArray(parts)) return '';
+  return parts.map((p) => (p && typeof p.text === 'string' ? p.text : '')).join('').trim();
+}
+
+// Answer a question grounded in this install's lessons. Returns
+// { ok, answer, sources, model } or { ok:false, error, ... }.
+async function answerDataQuestion(question, opts = {}) {
+  const q = String(question || '').trim();
+  if (!q) return { ok: false, error: 'empty_question', message: 'Ask a question about your data.' };
+  if (q.length > MAX_QUESTION_CHARS) {
+    return { ok: false, error: 'question_too_long', message: `Question exceeds ${MAX_QUESTION_CHARS} characters.` };
+  }
+
+  const apiKey = resolveApiKey(opts);
+  const lessons = retrieveContext(q, opts);
+  const sources = lessons.map((l) => ({ id: l.id, title: l.title, signal: l.signal }));
+
+  if (!apiKey) {
+    return {
+      ok: false,
+      error: 'no_api_key',
+      message: 'Chat is not configured. Set GEMINI_API_KEY (e.g. `npx thumbgate setup-vertex --write`) to enable "chat with your data".',
+      sources,
+    };
+  }
+
+  const model = opts.model || process.env.THUMBGATE_GEMINI_MODEL || DEFAULT_MODEL;
+  const prompt = buildChatPrompt(q, lessons);
+  const fetchImpl = opts.fetch || globalThis.fetch;
+
+  try {
+    const res = await fetchImpl(`${GEMINI_ENDPOINT}/${encodeURIComponent(model)}:generateContent`, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json', 'x-goog-api-key': apiKey },
+      body: JSON.stringify({
+        contents: [{ role: 'user', parts: [{ text: prompt }] }],
+        generationConfig: { temperature: 0.2, maxOutputTokens: 1024 },
+      }),
+    });
+    const json = await res.json().catch(() => ({}));
+    if (!res.ok) {
+      const msg = (json && json.error && json.error.message) ? String(json.error.message).split('\n')[0] : `HTTP ${res.status}`;
+      return { ok: false, error: 'gemini_error', status: res.status, message: msg, sources };
+    }
+    const answer = parseGeminiAnswer(json);
+    return { ok: true, answer: answer || '(no answer returned)', sources, model: json.modelVersion || model };
+  } catch (err) {
+    return { ok: false, error: 'network', message: err && err.message ? err.message : String(err), sources };
+  }
+}
+
+module.exports = {
+  answerDataQuestion,
+  buildChatPrompt,
+  parseGeminiAnswer,
+  retrieveContext,
+  DEFAULT_MODEL,
+  MAX_QUESTION_CHARS,
+};

package/scripts/statusline-meta.js

@@ -8,10 +8,33 @@ function getStatuslineMeta(options = {}) {
   const pkg = require(path.join(__dirname, '..', 'package.json'));
   const env = options.env || process.env;
   const homeDir = options.homeDir || env.HOME || env.USERPROFILE || '.';
+  const fs = require('fs');
+  
+  // Enterprise detection based on key prefix
+  let apiKey = env.THUMBGATE_API_KEY || env.THUMBGATE_OPERATOR_KEY || '';
+  
+  // Fallback to reading from disk if not in env
+  if (!apiKey) {
+    try {
+      const configPath = path.join(homeDir, '.config', 'thumbgate', 'operator.json');
+      if (fs.existsSync(configPath)) {
+        const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+        apiKey = config.operatorKey || config.apiKey || '';
+      }
+    } catch (_) { /* ignore disk read errors */ }
+  }
+
+  let activeTier = 'Free';
+  
+  if (apiKey.startsWith('tg_op_') || apiKey.startsWith('tg_creator_')) {
+    activeTier = 'Enterprise';
+  } else if (isProLicensed({ homeDir }) || apiKey.startsWith('tg_pro_')) {
+    activeTier = 'Pro';
+  }
 
   return {
     version: String(pkg.version || '').trim() || 'unknown',
-    tier: isProLicensed({ homeDir }) ? 'Pro' : 'Free',
+    tier: activeTier,
   };
 }
 

package/scripts/statusline.sh

@@ -93,19 +93,17 @@ fi
 LINK_STATE="offline"
 UP_URL=""; DOWN_URL=""; DASHBOARD_URL=""; LESSONS_URL=""
 DASHBOARD_LABEL="Dashboard"; LESSONS_LABEL="Lessons"
-if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
-  _LINKS_JSON=$(node "${SCRIPT_DIR}/statusline-links.js" 2>/dev/null)
-  if [ -n "$_LINKS_JSON" ]; then
-    eval "$(echo "$_LINKS_JSON" | jq -r '
-      @sh "LINK_STATE=\(.state // "offline")",
-      @sh "UP_URL=\(.upUrl // "")",
-      @sh "DOWN_URL=\(.downUrl // "")",
-      @sh "DASHBOARD_URL=\(.dashboardUrl // "")",
-      @sh "LESSONS_URL=\(.lessonsUrl // "")",
-      @sh "DASHBOARD_LABEL=\(.dashboardLabel // "Dashboard")",
-      @sh "LESSONS_LABEL=\(.lessonsLabel // "Lessons")"
-    ' 2>/dev/null)"
-  fi
+_LINKS_JSON=$(node "${SCRIPT_DIR}/statusline-links.js" 2>/dev/null)
+if [ -n "$_LINKS_JSON" ]; then
+  eval "$(echo "$_LINKS_JSON" | jq -r '
+    @sh "LINK_STATE=\(.state // "offline")",
+    @sh "UP_URL=\(.upUrl // "")",
+    @sh "DOWN_URL=\(.downUrl // "")",
+    @sh "DASHBOARD_URL=\(.dashboardUrl // "")",
+    @sh "LESSONS_URL=\(.lessonsUrl // "")",
+    @sh "DASHBOARD_LABEL=\(.dashboardLabel // "Dashboard")",
+    @sh "LESSONS_LABEL=\(.lessonsLabel // "Lessons")"
+  ' 2>/dev/null)"
 fi
 
 # ── ThumbGate package metadata ────────────────────────────────────────
@@ -120,15 +118,13 @@ fi
 
 # ── Repo context (branch / work item / PR) ───────────────────────────
 BRANCH_NAME=""; WORK_ITEM_LABEL=""; PR_LABEL=""
-if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
-  _CONTEXT_JSON=$(node "${SCRIPT_DIR}/statusline-context.js" 2>/dev/null)
-  if [[ -n "$_CONTEXT_JSON" ]]; then
-    eval "$(echo "$_CONTEXT_JSON" | jq -r '
-      @sh "BRANCH_NAME=\(.branchName // "")",
-      @sh "WORK_ITEM_LABEL=\(.workItemLabel // "")",
-      @sh "PR_LABEL=\(.prLabel // "")"
-    ' 2>/dev/null)"
-  fi
+_CONTEXT_JSON=$(node "${SCRIPT_DIR}/statusline-context.js" 2>/dev/null)
+if [[ -n "$_CONTEXT_JSON" ]]; then
+  eval "$(echo "$_CONTEXT_JSON" | jq -r '
+    @sh "BRANCH_NAME=\(.branchName // "")",
+    @sh "WORK_ITEM_LABEL=\(.workItemLabel // "")",
+    @sh "PR_LABEL=\(.prLabel // "")"
+  ' 2>/dev/null)"
 fi
 
 # ── Control Tower stats ──────────────────────────────────────────
@@ -144,16 +140,14 @@ fi
 
 # ── Latest lesson (data available for extensions; not rendered in statusbar) ──
 LESSON_TEXT=""; LESSON_ID=""; LESSON_LABEL=""; LESSON_LINK=""
-if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
-  _LESSON_JSON=$(node "${SCRIPT_DIR}/statusline-lesson.js" 2>/dev/null)
-  if [[ -n "$_LESSON_JSON" ]]; then
-    eval "$(echo "$_LESSON_JSON" | jq -r '
-      @sh "LESSON_TEXT=\(.text // "")",
-      @sh "LESSON_ID=\(.lessonId // "")",
-      @sh "LESSON_LABEL=\(.label // "")",
-      @sh "LESSON_LINK=\(.link // "")"
-    ' 2>/dev/null)"
-  fi
+_LESSON_JSON=$(node "${SCRIPT_DIR}/statusline-lesson.js" 2>/dev/null)
+if [[ -n "$_LESSON_JSON" ]]; then
+  eval "$(echo "$_LESSON_JSON" | jq -r '
+    @sh "LESSON_TEXT=\(.text // "")",
+    @sh "LESSON_ID=\(.lessonId // "")",
+    @sh "LESSON_LABEL=\(.label // "")",
+    @sh "LESSON_LINK=\(.link // "")"
+  ' 2>/dev/null)"
 fi
 
 # ── Colors ────────────────────────────────────────────────────────
@@ -206,10 +200,10 @@ LINE="${LINE:+${LINE} · }ThumbGate v${TG_VERSION} · ${TG_TIER}"
 if [[ "$UP" = "0" && "$DOWN" = "0" ]]; then
   LINE="${D}${LINE}${RST} · no feedback yet"
   [[ -n "$PR_LABEL" ]] && LINE="${LINE} · ${D}${PR_LABEL}${RST}"
-  if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
-    LINE="${LINE} · ${C}${DASHBOARD_LINK}${RST} · ${M}${LESSONS_LINK}${RST}"
-    [[ -n "$LATEST_LESSON_LINK" ]] && LINE="${LINE} · ${D}${LATEST_LESSON_LINK}${RST}"
-  fi
+  
+  LINE="${LINE} · ${C}${DASHBOARD_LINK}${RST}"
+  [[ -n "$LATEST_LESSON_LINK" ]] && LINE="${LINE} · ${D}${LATEST_LESSON_LINK}${RST}"
+  
   printf '%b\n' "$LINE"
 else
   LINE="${LINE} · ${G}${BD}${UP}${RST}${UP_LINK} ${R}${BD}${DOWN}${RST}${DOWN_LINK} ${ARROW}"
@@ -219,10 +213,9 @@ else
   [[ "${AT_RISK:-0}" -gt 0 ]] && LINE="${LINE} ${R}${AT_RISK}⚠${RST}"
   [[ "${ANOMALIES:-0}" -gt 0 ]] && LINE="${LINE} ${R}${ANOMALIES}☠${RST}"
   [[ -n "$PR_LABEL" ]] && LINE="${LINE} · ${D}${PR_LABEL}${RST}"
-  if [[ "$STATUSLINE_VERBOSE" = "1" ]]; then
-    LINE="${LINE} · ${C}${DASHBOARD_LINK}${RST} · ${M}${LESSONS_LINK}${RST}"
-    [[ -n "$LATEST_LESSON_LINK" ]] && LINE="${LINE} · ${D}${LATEST_LESSON_LINK}${RST}"
-  fi
-
+  
+  LINE="${LINE} · ${C}${DASHBOARD_LINK}${RST}"
+  [[ -n "$LATEST_LESSON_LINK" ]] && LINE="${LINE} · ${D}${LATEST_LESSON_LINK}${RST}"
+  
   printf '%b\n' "$LINE"
 fi

package/src/api/server.js

@@ -166,6 +166,9 @@ const {
   readDashboardReviewState,
   writeDashboardReviewState,
 } = require('../../scripts/dashboard');
+const {
+  guardDfcxWebhook,
+} = require('../../adapters/gcp/dfcx-webhook-gate');
 const {
   buildDashboardRenderSpec,
 } = require('../../scripts/dashboard-render-spec');
@@ -1448,6 +1451,178 @@ async function loadLiveDashboardDataOrRespondProblem(res, parsed, feedbackDir, i
   }
 }
 
+function buildEnterpriseDialogflowStatus(env = process.env) {
+  const vertexProject = normalizeNullableText(env.VERTEX_PROJECT_ID)
+    || normalizeNullableText(env.GOOGLE_VERTEX_PROJECT);
+  const vertexLocation = normalizeNullableText(env.GOOGLE_VERTEX_LOCATION)
+    || normalizeNullableText(env.VERTEX_LOCATION)
+    || 'us-central1';
+  const dfcxFulfillmentUrl = normalizeNullableText(env.THUMBGATE_DFCX_FULFILLMENT_URL);
+  const dfcxAgentId = normalizeNullableText(env.THUMBGATE_DFCX_AGENT_ID);
+  const dfcxLocation = normalizeNullableText(env.THUMBGATE_DFCX_LOCATION);
+
+  return {
+    mode: 'local-dashboard',
+    vertex: {
+      configured: Boolean(vertexProject),
+      projectId: vertexProject,
+      location: vertexLocation,
+      providerMode: normalizeNullableText(env.THUMBGATE_PROVIDER_MODE) || null,
+    },
+    dfcx: {
+      apiSurface: 'Dialogflow CX REST API: projects.locations.agents',
+      liveAgentConfigured: Boolean(dfcxAgentId && dfcxLocation),
+      agentId: dfcxAgentId,
+      location: dfcxLocation,
+      fulfillmentProxyConfigured: Boolean(dfcxFulfillmentUrl),
+      fulfillmentUrlConfigured: Boolean(dfcxFulfillmentUrl),
+      gcloudCxCommandSupported: false,
+      verification: dfcxAgentId && dfcxLocation
+        ? 'Agent metadata is present in env; verify via REST/console before production claims.'
+        : 'No live DFCX agent env configured. Use REST/console/deployed webhook evidence before claiming a live agent.',
+    },
+    chat: {
+      available: true,
+      source: 'local ThumbGate dashboard data',
+      guard: 'DFCX-compatible pre-action gate adapter',
+    },
+  };
+}
+
+function normalizeEnterpriseChatPrompt(value) {
+  const text = normalizeNullableText(value);
+  if (!text) return null;
+  return text.slice(0, 800);
+}
+
+function classifyEnterpriseChatTopic(prompt) {
+  const lower = String(prompt || '').toLowerCase();
+  if (/gate|block|deny|prevent|guard/.test(lower)) return 'gates';
+  if (/lesson|memory|feedback|thumb|mistake|negative|positive/.test(lower)) return 'feedback';
+  if (/team|agent|org|enterprise|rollout/.test(lower)) return 'team';
+  if (/token|cost|saving|budget|spend/.test(lower)) return 'cost';
+  if (/vertex|gcp|google|dialogflow|dfcx|cloud/.test(lower)) return 'cloud';
+  return 'overview';
+}
+
+function containsUnsafeEnterpriseChatInput(prompt) {
+  return /[;&|`$<>\\]/.test(String(prompt || ''));
+}
+
+function compactNumber(value) {
+  const n = Number(value || 0);
+  return Number.isFinite(n) ? n : 0;
+}
+
+function buildEnterpriseChatAnswer(prompt, dashboardData, status) {
+  const topic = classifyEnterpriseChatTopic(prompt);
+  const approval = dashboardData.approval || {};
+  const gates = Array.isArray(dashboardData.gates) ? dashboardData.gates : [];
+  const gateStats = dashboardData.gateStats || {};
+  const team = dashboardData.team || {};
+  const tokenSavings = dashboardData.tokenSavings || {};
+  const lessonPipeline = dashboardData.lessonPipeline || {};
+  const lines = [];
+  const sources = ['local dashboard data'];
+
+  if (topic === 'feedback') {
+    lines.push(`Feedback total: ${compactNumber(approval.total)} (${compactNumber(approval.positive)} positive, ${compactNumber(approval.negative)} negative).`);
+    lines.push(`Lesson pipeline: ${compactNumber(lessonPipeline.lessons || lessonPipeline.generated || 0)} lessons visible in the current dashboard snapshot.`);
+    sources.push('feedback log', 'lesson pipeline');
+  } else if (topic === 'gates') {
+    lines.push(`Active gates: ${gates.length || compactNumber(gateStats.totalGates)}.`);
+    lines.push(`Blocked actions recorded: ${compactNumber(gateStats.blocked || gateStats.denied || gateStats.totalBlocked)}.`);
+    if (gates[0]) lines.push(`Example gate: ${gates[0].name || gates[0].id || 'unnamed gate'}.`);
+    sources.push('gate stats');
+  } else if (topic === 'team') {
+    lines.push(`Team dashboard is available in this local Enterprise view.`);
+    lines.push(`Tracked agents: ${compactNumber(team.totalAgents || team.agentCount || 0)}; risky agents: ${compactNumber(team.riskyAgents || team.highRiskAgents || 0)}.`);
+    sources.push('team dashboard');
+  } else if (topic === 'cost') {
+    lines.push(`Estimated token savings: ${tokenSavings.dollarsSavedDisplay || '$0.00'} from ${compactNumber(tokenSavings.blockedCalls)} blocked calls.`);
+    lines.push('Google Cloud budget alerts are evidence for spend visibility; ThumbGate-side stop conditions must be verified separately before calling them a hard cap.');
+    sources.push('token savings', 'budget posture');
+  } else if (topic === 'cloud') {
+    lines.push(status.vertex.configured
+      ? `Vertex routing config is present for project ${status.vertex.projectId} (${status.vertex.location}).`
+      : 'Vertex routing config is not present in this server environment.');
+    lines.push(status.dfcx.liveAgentConfigured
+      ? `DFCX env has agent ${status.dfcx.agentId} in ${status.dfcx.location}; verify it with REST/console before production claims.`
+      : 'No live DFCX agent is configured in env. Do not use the old alpha gcloud CX command group; verify agents with the Dialogflow CX REST API or console.');
+    sources.push('enterprise cloud status');
+  } else {
+    lines.push('Ask about feedback, lessons, active gates, team rollout, token savings, or Vertex/DFCX readiness.');
+    lines.push(`Current local snapshot: ${compactNumber(approval.total)} feedback events and ${gates.length || compactNumber(gateStats.totalGates)} active gates.`);
+  }
+
+  return {
+    topic,
+    answer: lines.join(' '),
+    sources,
+  };
+}
+
+async function answerEnterpriseDialogflowChat({ prompt, feedbackDir, parsed }) {
+  const normalizedPrompt = normalizeEnterpriseChatPrompt(prompt);
+  if (!normalizedPrompt) {
+    throw createHttpError(400, 'prompt is required');
+  }
+  const status = buildEnterpriseDialogflowStatus();
+  if (containsUnsafeEnterpriseChatInput(normalizedPrompt)) {
+    return {
+      ok: false,
+      blocked: true,
+      answer: 'This prompt contains unsafe control characters and was blocked before data access.',
+      status,
+      dfcx: {
+        blocked: true,
+        evaluation: {
+          allowed: false,
+          gate: 'enterprise-chat-unsafe-input',
+          severity: 'critical',
+        },
+      },
+      sources: ['enterprise input guard'],
+    };
+  }
+
+  const dashboardResult = await buildLiveDashboardData(parsed, feedbackDir);
+  const dashboardData = dashboardResult.data;
+  const chat = buildEnterpriseChatAnswer(normalizedPrompt, dashboardData, status);
+  const dfcxRequest = {
+    fulfillmentInfo: { tag: 'chat-with-data' },
+    sessionInfo: {
+      session: 'local-dashboard/enterprise-chat',
+      parameters: {
+        topic: chat.topic,
+        prompt_key: normalizedPrompt.toLowerCase().replace(/[^a-z0-9._ -]/g, '').slice(0, 64),
+      },
+    },
+    languageCode: 'en',
+  };
+  const guarded = await guardDfcxWebhook(
+    dfcxRequest,
+    async () => ({
+      fulfillment_response: { messages: [{ text: { text: [chat.answer] } }] },
+      session_info: { parameters: { thumbgate_topic: chat.topic } },
+    }),
+    { blockOnRepeat: false },
+  );
+
+  return {
+    ok: !guarded.blocked,
+    blocked: Boolean(guarded.blocked),
+    answer: guarded.blocked ? 'ThumbGate blocked this enterprise chat turn before data access.' : chat.answer,
+    status,
+    dfcx: {
+      blocked: Boolean(guarded.blocked),
+      evaluation: guarded.evaluation,
+      response: guarded.response,
+    },
+    sources: chat.sources,
+  };
+}
+
 function buildLossAnalyticsResponse(data, summaryOptions) {
   return {
     window: data.analytics.window || summaryOptions,
@@ -2068,6 +2243,7 @@ window.THUMBGATE_DASHBOARD_BOOTSTRAP = { enabled: ${bootstrapActive ? 'true' : '
 <p>This lightweight npm dashboard is bundled without marketing assets, so installs stay small while core feedback, lessons, and API routes remain available.</p>
 <div class="grid">
 <a class="card" href="/v1/dashboard"><strong>Dashboard JSON</strong><span>Inspect feedback totals, lesson counts, and Reliability Gateway health.</span></a>
+<a class="card" href="/v1/enterprise/dialogflow/status"><strong>Enterprise Dialogflow Data Chat</strong><span>Check Vertex/DFCX readiness and use /v1/enterprise/dialogflow/chat to query local ThumbGate data through the DFCX guard.</span></a>
 <a class="card" href="/lessons"><strong>Lessons</strong><span>Review remembered thumbs-up/down lessons and enforcement context.</span></a>
 <a class="card" href="/health"><strong>Health</strong><span>Verify the installed package version and runtime status.</span></a>
 </div>
@@ -6747,6 +6923,20 @@ ${hidden}
         return;
       }
 
+      // Chat with your data — RAG over this install's captured lessons, answered
+      // by Gemini grounded only in the retrieved context. Powers the dashboard
+      // "Chat with your data" panel.
+      if (req.method === 'POST' && pathname === '/v1/chat') {
+        const body = await parseJsonBody(req);
+        const { answerDataQuestion } = require('../../scripts/dashboard-chat');
+        const result = await answerDataQuestion(body.question || body.q || body.message, {
+          feedbackDir: requestFeedbackPaths.FEEDBACK_DIR,
+          model: typeof body.model === 'string' ? body.model : undefined,
+        });
+        sendJson(res, result.ok ? 200 : (result.error === 'no_api_key' ? 503 : 400), result);
+        return;
+      }
+
       // Server-Sent Events stream of live feedback / rule-regen / gate events.
       // Dashboard clients subscribe once (with the same Bearer auth already
       // required for /v1/feedback/stats) and receive pushed events as they
@@ -6802,6 +6992,22 @@ ${hidden}
         return;
       }
 
+      if (req.method === 'GET' && pathname === '/v1/enterprise/dialogflow/status') {
+        sendJson(res, 200, buildEnterpriseDialogflowStatus());
+        return;
+      }
+
+      if (req.method === 'POST' && pathname === '/v1/enterprise/dialogflow/chat') {
+        const body = await parseJsonBody(req, 16 * 1024);
+        const result = await answerEnterpriseDialogflowChat({
+          prompt: body.prompt || body.message || body.query,
+          feedbackDir: requestFeedbackDir,
+          parsed,
+        });
+        sendJson(res, 200, result);
+        return;
+      }
+
       if (req.method === 'GET' && pathname === '/v1/intents/catalog') {
         const mcpProfile = parsed.searchParams.get('mcpProfile') || undefined;
         const bundleId = parsed.searchParams.get('bundleId') || undefined;
@@ -7990,7 +8196,12 @@ ${hidden}
 
       // POST /v1/dashboard/review-state -- mark current dashboard state as reviewed
       if (req.method === 'POST' && pathname === '/v1/dashboard/review-state') {
+        const body = await parseJsonBody(req);
         const snapshot = buildReviewSnapshot(requestFeedbackDir);
+        // Override snapshot timestamp with client-provided one if available
+        if (body && body.reviewedAt) {
+          snapshot.reviewedAt = body.reviewedAt;
+        }
         writeDashboardReviewState(requestFeedbackDir, snapshot);
         const data = generateDashboard(requestFeedbackDir, {
           reviewBaseline: snapshot,
@@ -8306,6 +8517,9 @@ module.exports = {
     resolveLocalPageBootstrap,
     getPublicMcpTools,
     getServerCardTools,
+    buildEnterpriseDialogflowStatus,
+    buildEnterpriseChatAnswer,
+    answerEnterpriseDialogflowChat,
   },
 };