thumbgate 1.26.8 → 1.27.3

package/public/chatgpt-app.html

@@ -0,0 +1,330 @@
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>ThumbGate for ChatGPT - GPT Action + Agent Guardrails</title>
+  <meta name="description" content="Open the ThumbGate GPT, import the GPT Action schema, and connect ChatGPT lessons to local Codex, Claude Code, Cursor, and MCP agent enforcement.">
+  <link rel="canonical" href="https://thumbgate.ai/chatgpt-app">
+  <link rel="alternate" type="text/markdown" title="ThumbGate LLM context" href="https://thumbgate.ai/llm-context.md">
+  <meta property="og:title" content="ThumbGate for ChatGPT">
+  <meta property="og:description" content="A first-class ChatGPT entrypoint for preflighting risky agent actions and feeding typed lessons into ThumbGate enforcement.">
+  <meta property="og:type" content="website">
+  <meta property="og:url" content="https://thumbgate.ai/chatgpt-app">
+  <meta property="og:image" content="https://thumbgate.ai/assets/brand/thumbgate-logo-1200x360.png">
+  <meta name="twitter:card" content="summary_large_image">
+  <script type="application/ld+json">
+  {
+    "@context": "https://schema.org",
+    "@type": "SoftwareApplication",
+    "name": "ThumbGate for ChatGPT",
+    "applicationCategory": "DeveloperApplication",
+    "operatingSystem": "Web, macOS, Linux, Windows",
+    "url": "https://thumbgate.ai/chatgpt-app",
+    "description": "ChatGPT GPT Action entrypoint for checking risky agent actions and carrying typed thumbs-up/down lessons into ThumbGate local enforcement.",
+    "offers": [
+      { "@type": "Offer", "price": "0", "priceCurrency": "USD", "name": "Free GPT entrypoint" },
+      { "@type": "Offer", "price": "19", "priceCurrency": "USD", "name": "ThumbGate Pro", "url": "https://thumbgate.ai/checkout/pro" }
+    ]
+  }
+  </script>
+  <style>
+    :root {
+      color-scheme: dark;
+      --bg: #050607;
+      --panel: #111418;
+      --panel-2: #171b20;
+      --line: #2a3038;
+      --cyan: #20d8ef;
+      --green: #55e38b;
+      --text: #f3f6f8;
+      --muted: #aab3bd;
+      --warning: #ffd166;
+    }
+    * { box-sizing: border-box; }
+    body {
+      margin: 0;
+      background: var(--bg);
+      color: var(--text);
+      font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+      letter-spacing: 0;
+    }
+    a { color: inherit; }
+    .shell { max-width: 1120px; margin: 0 auto; padding: 28px 20px 72px; }
+    .nav { display: flex; align-items: center; justify-content: space-between; gap: 18px; padding: 6px 0 28px; }
+    .brand { display: inline-flex; align-items: center; gap: 12px; font-weight: 800; text-decoration: none; }
+    .brand img { width: 34px; height: 34px; border-radius: 8px; }
+    .navlinks { display: flex; gap: 18px; flex-wrap: wrap; color: var(--muted); font-size: 14px; }
+    .navlinks a { text-decoration: none; }
+    .hero {
+      display: grid;
+      grid-template-columns: minmax(0, 1.04fr) minmax(320px, 0.96fr);
+      gap: 28px;
+      align-items: stretch;
+      padding: 34px 0 26px;
+    }
+    .eyebrow { color: var(--cyan); font-size: 13px; font-weight: 800; text-transform: uppercase; margin-bottom: 14px; }
+    h1 { font-size: clamp(42px, 6vw, 72px); line-height: 0.98; margin: 0 0 18px; letter-spacing: 0; max-width: 740px; }
+    .lead { color: var(--muted); font-size: 19px; line-height: 1.58; max-width: 720px; margin: 0 0 24px; }
+    .actions { display: flex; flex-wrap: wrap; gap: 12px; margin: 24px 0; }
+    .btn {
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      min-height: 46px;
+      padding: 0 18px;
+      border-radius: 8px;
+      border: 1px solid var(--line);
+      background: var(--panel);
+      color: var(--text);
+      text-decoration: none;
+      font-weight: 800;
+      font-size: 14px;
+      white-space: nowrap;
+    }
+    .btn.primary { background: var(--cyan); color: #001316; border-color: var(--cyan); }
+    .btn.secondary { border-color: rgba(32, 216, 239, 0.55); color: var(--cyan); }
+    .proof {
+      display: flex;
+      flex-wrap: wrap;
+      gap: 10px;
+      margin-top: 22px;
+      color: var(--muted);
+      font-size: 13px;
+    }
+    .pill { border: 1px solid var(--line); border-radius: 999px; padding: 7px 10px; background: rgba(255,255,255,0.03); }
+    .panel {
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      background: var(--panel);
+      overflow: hidden;
+      min-width: 0;
+    }
+    .panel-head {
+      display: flex;
+      justify-content: space-between;
+      gap: 12px;
+      border-bottom: 1px solid var(--line);
+      padding: 13px 14px;
+      color: var(--muted);
+      font-size: 13px;
+      font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
+    }
+    .screen { padding: 16px; display: grid; gap: 12px; }
+    .message {
+      background: var(--panel-2);
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      padding: 14px;
+      font-size: 14px;
+      line-height: 1.55;
+    }
+    .message strong { color: var(--green); }
+    .code {
+      display: block;
+      background: #07090b;
+      border: 1px solid #222932;
+      border-radius: 8px;
+      padding: 13px;
+      overflow-x: auto;
+      color: #d8f7ff;
+      font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace;
+      font-size: 13px;
+      line-height: 1.55;
+    }
+    section { padding: 34px 0; }
+    .section-title { font-size: 28px; margin: 0 0 12px; letter-spacing: 0; }
+    .section-copy { margin: 0 0 20px; color: var(--muted); line-height: 1.65; max-width: 840px; }
+    .grid { display: grid; grid-template-columns: repeat(3, minmax(0, 1fr)); gap: 16px; }
+    .card {
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      background: var(--panel);
+      padding: 18px;
+      min-width: 0;
+    }
+    .card h3 { margin: 0 0 10px; font-size: 18px; letter-spacing: 0; }
+    .card p, .card li { color: var(--muted); line-height: 1.6; font-size: 14px; }
+    .card ul { padding-left: 18px; margin: 0; }
+    .steps { counter-reset: step; display: grid; gap: 12px; }
+    .step {
+      display: grid;
+      grid-template-columns: 46px minmax(0, 1fr);
+      gap: 14px;
+      align-items: start;
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      background: var(--panel);
+      padding: 16px;
+    }
+    .step::before {
+      counter-increment: step;
+      content: counter(step);
+      display: grid;
+      place-items: center;
+      width: 34px;
+      height: 34px;
+      border-radius: 8px;
+      background: rgba(32, 216, 239, 0.12);
+      color: var(--cyan);
+      border: 1px solid rgba(32, 216, 239, 0.4);
+      font-weight: 900;
+    }
+    .step h3 { margin: 2px 0 7px; font-size: 17px; }
+    .step p { color: var(--muted); margin: 0; line-height: 1.6; }
+    .notice {
+      border: 1px solid rgba(255, 209, 102, 0.45);
+      background: rgba(255, 209, 102, 0.08);
+      color: #fff0bf;
+      border-radius: 8px;
+      padding: 15px 16px;
+      line-height: 1.6;
+      margin-top: 18px;
+    }
+    footer { color: var(--muted); border-top: 1px solid var(--line); padding-top: 24px; margin-top: 24px; font-size: 14px; }
+    @media (max-width: 860px) {
+      .hero { grid-template-columns: 1fr; }
+      .grid { grid-template-columns: 1fr; }
+      .nav { align-items: flex-start; flex-direction: column; }
+      h1 { font-size: 44px; }
+      .btn { width: 100%; }
+    }
+  </style>
+</head>
+<body>
+  <main class="shell">
+    <nav class="nav" aria-label="Primary">
+      <a class="brand" href="/">
+        <img src="/assets/brand/thumbgate-icon-512.png" alt="ThumbGate logo">
+        <span>ThumbGate</span>
+      </a>
+      <div class="navlinks">
+        <a href="/codex-plugin">Codex plugin</a>
+        <a href="/guide">Install</a>
+        <a href="/pricing">Pricing</a>
+        <a href="https://github.com/IgorGanapolsky/ThumbGate" rel="noopener">GitHub</a>
+      </div>
+    </nav>
+
+    <section class="hero" aria-labelledby="chatgpt-title">
+      <div>
+        <div class="eyebrow">ChatGPT surface for ThumbGate</div>
+        <h1 id="chatgpt-title">ThumbGate for ChatGPT</h1>
+        <p class="lead">Use the live ThumbGate GPT to preflight risky agent actions, capture typed thumbs-up/down lessons, and route those lessons into local enforcement for Codex, Claude Code, Cursor, Gemini CLI, and MCP-compatible agents.</p>
+        <div class="actions">
+          <a class="btn primary" href="/go/gpt?utm_source=chatgpt_app&utm_medium=landing&utm_campaign=chatgpt_app_install&cta_id=chatgpt_app_open_gpt&cta_placement=hero" target="_blank" rel="noopener">Open ThumbGate GPT</a>
+          <a class="btn secondary" href="/openapi.yaml?utm_source=chatgpt_app&utm_medium=landing&utm_campaign=chatgpt_action_schema&cta_id=chatgpt_app_openapi&cta_placement=hero">Download GPT Action schema</a>
+          <a class="btn" href="/guide?utm_source=chatgpt_app&utm_medium=landing&utm_campaign=local_enforcement&cta_id=chatgpt_app_local_install&cta_placement=hero">Install local enforcement</a>
+        </div>
+        <div class="proof" aria-label="Current proof">
+          <span class="pill">Live GPT link: /go/gpt</span>
+          <span class="pill">Action schema: /openapi.yaml</span>
+          <span class="pill">Local gate: npx thumbgate init</span>
+        </div>
+      </div>
+
+      <div class="panel" aria-label="ThumbGate ChatGPT workflow preview">
+        <div class="panel-head">
+          <span>ChatGPT + ThumbGate</span>
+          <span>typed feedback -> rules</span>
+        </div>
+        <div class="screen">
+          <div class="message">Before I run this migration, check whether this repeats a rejected deploy pattern.</div>
+          <div class="message"><strong>ThumbGate:</strong> Require evidence first: test output, rollback path, and the exact affected tables. Then install the local gate so future agents are blocked before execution.</div>
+          <code class="code">thumbs down: agent claimed the release was published before checking npm and CI</code>
+          <code class="code">npx thumbgate init --agent codex</code>
+        </div>
+      </div>
+    </section>
+
+    <section aria-labelledby="what-ships">
+      <h2 class="section-title" id="what-ships">What ships today</h2>
+      <p class="section-copy">This is the ChatGPT-facing distribution page. It keeps the claim precise: ChatGPT is the discovery, advice, checkpointing, and typed-feedback surface. The hard block still runs in the local agent or CI lane.</p>
+      <div class="grid">
+        <article class="card">
+          <h3>Live GPT entrypoint</h3>
+          <p>The public GPT lets users paste proposed actions, risky commands, PR steps, deploys, refunds, and agent plans before running them.</p>
+        </article>
+        <article class="card">
+          <h3>GPT Action schema</h3>
+          <p>The OpenAPI schema is publicly served for GPT Actions import and kept in the package so installs do not depend on hidden docs.</p>
+        </article>
+        <article class="card">
+          <h3>Local enforcement path</h3>
+          <p>ThumbGate still blocks repeated mistakes where work happens: Codex, Claude Code, Cursor, Gemini CLI, Amp, OpenCode, MCP, and CI.</p>
+        </article>
+      </div>
+    </section>
+
+    <section aria-labelledby="install-flow">
+      <h2 class="section-title" id="install-flow">Install flow</h2>
+      <div class="steps">
+        <div class="step">
+          <div>
+            <h3>Open the ThumbGate GPT</h3>
+            <p>Use the GPT for setup help, action review, and typed feedback. If the direct link does not open, search Explore GPTs for ThumbGate by Igor Ganapolsky.</p>
+          </div>
+        </div>
+        <div class="step">
+          <div>
+            <h3>Import the GPT Action schema when configuring a custom GPT</h3>
+            <p>Use <code>https://thumbgate.ai/openapi.yaml</code> as the Actions schema. API key auth uses a bearer token from the ThumbGate environment.</p>
+          </div>
+        </div>
+        <div class="step">
+          <div>
+            <h3>Install the local gate</h3>
+            <p>Run <code>npx thumbgate init</code> or the agent-specific command so lessons can become pre-action checks in the coding session.</p>
+          </div>
+        </div>
+      </div>
+      <div class="notice"><strong>Honest capture note:</strong> ChatGPT's native thumbs rating buttons are not the ThumbGate memory path. Type <code>thumbs up:</code> or <code>thumbs down:</code> with one concrete sentence so ThumbGate can store a structured lesson.</div>
+    </section>
+
+    <section aria-labelledby="enterprise">
+      <h2 class="section-title" id="enterprise">Enterprise packaging</h2>
+      <p class="section-copy">Teams can use ChatGPT as the human-facing review surface while ThumbGate enforces policy in the local or server-side execution lane. That gives buyers a simple story: one GPT for triage, one Codex plugin for coding, one shared lesson/rule store for repeat prevention.</p>
+      <div class="grid">
+        <article class="card">
+          <h3>Buyer-ready links</h3>
+          <ul>
+            <li><a href="/chatgpt-app">ChatGPT app page</a></li>
+            <li><a href="/codex-plugin">Codex plugin page</a></li>
+            <li><a href="/pricing">Team pricing</a></li>
+          </ul>
+        </article>
+        <article class="card">
+          <h3>Implementation docs</h3>
+          <ul>
+            <li><a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/adapters/chatgpt/INSTALL.md" rel="noopener">ChatGPT Actions setup</a></li>
+            <li><a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/docs/chatgpt-gpt-instructions.md" rel="noopener">GPT instructions</a></li>
+            <li><a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/plugins/codex-profile/INSTALL.md" rel="noopener">Codex plugin install</a></li>
+          </ul>
+        </article>
+        <article class="card">
+          <h3>Proof lane</h3>
+          <ul>
+            <li><a href="/dashboard">Local dashboard</a></li>
+            <li><a href="/llm-context.md">LLM context</a></li>
+            <li><a href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest" rel="noopener">Latest release assets</a></li>
+          </ul>
+        </article>
+      </div>
+    </section>
+
+    <section aria-labelledby="next-step">
+      <h2 class="section-title" id="next-step">Use both OpenAI surfaces</h2>
+      <p class="section-copy">Codex gets the execution-side plugin. ChatGPT gets the review and lesson-capture entrypoint. Together they make ThumbGate visible before the mistake and enforceable when the agent reaches for tools.</p>
+      <div class="actions">
+        <a class="btn primary" href="/go/gpt?utm_source=chatgpt_app&utm_medium=landing&utm_campaign=chatgpt_app_install&cta_id=chatgpt_app_footer_gpt&cta_placement=footer" target="_blank" rel="noopener">Open ThumbGate GPT</a>
+        <a class="btn secondary" href="/codex-plugin?utm_source=chatgpt_app&utm_medium=landing&utm_campaign=codex_plugin_cross_sell&cta_id=chatgpt_app_footer_codex&cta_placement=footer">Install Codex plugin</a>
+        <a class="btn" href="/checkout/pro?utm_source=chatgpt_app&utm_medium=landing&utm_campaign=chatgpt_app_pro&cta_id=chatgpt_app_footer_checkout&cta_placement=footer">Upgrade to Pro</a>
+      </div>
+    </section>
+
+    <footer>
+      ThumbGate for ChatGPT is an owned ThumbGate distribution surface. It does not claim official OpenAI marketplace approval; it links the live GPT, public GPT Action schema, and local enforcement install path.
+    </footer>
+  </main>
+</body>
+</html>

package/public/codex-plugin.html

@@ -3,12 +3,12 @@
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>ThumbGate for Codex - Auto-Updating MCP Plugin</title>
+<title>ThumbGate for Codex - CLI Setup and Plugin Bundle</title>
 <script defer data-domain="thumbgate-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Install ThumbGate for Codex with an auto-updating MCP plugin, Pre-Action Checks, thumbs-up/down feedback memory, and a local-first Reliability Gateway.">
+<meta name="description" content="Install ThumbGate for Codex with CLI setup first, plus a portable Codex plugin bundle for review, marketplace, and offline workflows. Includes Pre-Action Checks and thumbs-up/down feedback memory.">
 <meta name="keywords" content="ThumbGate Codex plugin, Codex MCP server, Codex pre-action checks, Codex guardrails, thumbgate latest, AI coding agent reliability">
 <meta property="og:title" content="ThumbGate for Codex">
-<meta property="og:description" content="Auto-updating MCP and hook launcher for Codex. One install, then ThumbGate resolves the latest npm runtime when Codex starts.">
+<meta property="og:description" content="CLI-first Codex setup with auto-updating MCP, hooks, and a portable plugin bundle for review or marketplace workflows.">
 <meta property="og:type" content="website">
 <meta property="og:url" content="https://thumbgate.ai/codex-plugin">
 <link rel="canonical" href="https://thumbgate.ai/codex-plugin">
@@ -21,7 +21,7 @@
   "name": "ThumbGate for Codex",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "macOS, Linux, Windows with Node.js",
-  "description": "ThumbGate for Codex installs an MCP server and hook launcher that resolves thumbgate@latest at startup, captures thumbs-up/down feedback, and enforces Pre-Action Checks before risky agent actions run.",
+  "description": "ThumbGate for Codex installs an MCP server and hook launcher that resolves thumbgate@latest at startup, captures thumbs-up/down feedback, and enforces Pre-Action Checks before risky agent actions run. The supported fast path is npx thumbgate init --agent codex; the zip is a portable plugin bundle, not a double-click desktop installer.",
   "url": "https://thumbgate.ai/codex-plugin",
   "downloadUrl": "https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip",
   "installUrl": "https://thumbgate.ai/codex-plugin",
@@ -71,7 +71,15 @@
       "name": "What is the fastest Codex install path?",
       "acceptedAnswer": {
         "@type": "Answer",
-        "text": "Run npx thumbgate init --agent codex for the automatic local setup, or use the standalone Codex plugin bundle if you want a portable plugin surface."
+        "text": "Run npx thumbgate init --agent codex for the automatic local setup. Use the standalone Codex plugin bundle only when you want a portable plugin folder for review, marketplace wiring, offline handoff, or a Codex build that exposes local plugin import."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Does the release zip install itself in Codex Desktop?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. The zip is not a double-click installer. Extract it and install the folder through a Codex plugin directory or marketplace flow if your Codex build exposes one. Otherwise use npx thumbgate init --agent codex."
       }
     }
   ]
@@ -220,9 +228,9 @@
       <p class="sub" style="font-size:13px;opacity:0.85;">Updated: <time datetime="2026-04-20">2026-04-20</time> · by <a href="https://github.com/IgorGanapolsky" style="color:inherit;">Igor Ganapolsky</a></p>
       <p class="sub">ThumbGate wires Codex into local-first feedback memory, MCP tools, and hook enforcement. The launcher resolves <code>thumbgate@latest</code> when Codex starts, so published npm fixes reach your active MCP server after a restart.</p>
       <div class="actions">
-        <a class="button primary" href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip" target="_blank" rel="noopener" onclick="if(typeof plausible==='function')plausible('codex_plugin_download')">Download Codex plugin</a>
+        <a class="button primary" href="/guide" onclick="if(typeof plausible==='function')plausible('codex_cli_setup')">Install with CLI setup</a>
         <a class="button secondary" href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/plugins/codex-profile/INSTALL.md" target="_blank" rel="noopener">Read install docs</a>
-        <a class="button secondary" href="/guide">Use CLI setup</a>
+        <a class="button secondary" href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip" target="_blank" rel="noopener" onclick="if(typeof plausible==='function')plausible('codex_plugin_download')">Download zip for review</a>
       </div>
       <nav class="proof-bar" aria-label="Codex proof and conversion links">
         <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/docs/VERIFICATION_EVIDENCE.md" target="_blank" rel="noopener">Verification evidence</a>
@@ -231,8 +239,9 @@
         <a href="/?utm_source=codex&utm_medium=plugin_page&utm_campaign=codex_team_follow_on&utm_content=workflow_sprint&campaign_variant=teams_follow_on&offer_code=CODEX-TEAMS_FOLLOW_ON&cta_id=codex_team_follow_on&cta_placement=plugin_page&surface=codex_plugin#workflow-sprint-intake">Team workflow sprint</a>
       </nav>
       <pre class="terminal">$ npx thumbgate init --agent codex
+$ npx thumbgate feedback-self-test
 # Writes ~/.codex/config.toml and ~/.codex/config.json
-# MCP + hooks install thumbgate@latest before serving or checking gates</pre>
+# Restart Codex, then confirm ThumbGate is enabled in Plugins or MCP settings</pre>
     </div>
   </section>
 
@@ -251,11 +260,31 @@
     </div>
   </section>
 
+  <section class="wrap">
+    <div class="eyebrow">Role plugins, Sites, and team OS</div>
+    <h2>Codex is becoming a business-work surface. ThumbGate is the action boundary.</h2>
+    <div class="steps">
+      <div class="step">
+        <h3>Role plugins</h3>
+        <p>Codex plugins bundle skills, apps, and MCP servers. ThumbGate checks role-specific writes before sales, analytics, design, finance, or support agents modify business systems.</p>
+      </div>
+      <div class="step">
+        <h3>Sites deploys</h3>
+        <p>Before a Sites workflow publishes or widens access, ThumbGate can require build proof, intended audience, secret handling, and deployment evidence.</p>
+      </div>
+      <div class="step">
+        <h3>Team Agentic OS</h3>
+        <p>Human-editable docs, agent-operating files, and git backups still need runtime checks. ThumbGate gates protected skills, MCP config, memory scope, and workflow contracts.</p>
+      </div>
+    </div>
+    <p><a href="/learn/codex-role-plugins-need-governance">Read the Codex role-plugin governance guide</a> · <a href="/learn/agentic-os-team-governance">Read the Agentic OS team governance guide</a> · <a href="/learn/cost-aware-agent-gate-routing">Read cost-aware gate routing</a></p>
+  </section>
+
   <section class="wrap split">
     <div>
       <div class="eyebrow">What Codex gets</div>
       <h2>MCP memory, hook checks, and a dashboard lane in the same install path.</h2>
-      <p>Use the standalone plugin when you want a portable Codex bundle. Use <code>npx thumbgate init --agent codex</code> when you want the shortest path on this machine. Both paths point at the same Reliability Gateway and the same npm runtime.</p>
+      <p>Use <code>npx thumbgate init --agent codex</code> when you want the shortest path on this machine. Use the standalone zip only when you need a portable plugin folder for audit, offline handoff, marketplace wiring, or a Codex build that exposes local plugin import.</p>
       <p class="status">The Codex launcher checks npm on startup. Restart Codex after a ThumbGate publish to let the MCP server and hook bundle pick up the latest runtime.</p>
     </div>
     <figure class="proof">
@@ -273,12 +302,31 @@
         <p>Run <code>npx thumbgate init --agent codex</code>. ThumbGate writes the MCP server block and hook bundle into your Codex config files.</p>
       </div>
       <div class="step">
-        <h3>2. Standalone plugin</h3>
-        <p>Use the release bundle when Codex loads plugin surfaces directly. The bundle includes the manifest, MCP config, marketplace entry, and install docs.</p>
+        <h3>2. Plugin directory</h3>
+        <p>For a true plugin install, use Codex Plugins or a marketplace source. In the Add marketplace dialog, do not keep Codex's default <code>plugins/codex</code> sparse path for this repo; use <code>.agents/plugins/marketplace.json</code> and <code>plugins/codex-profile</code>, or leave sparse paths blank for a local checkout.</p>
       </div>
       <div class="step">
-        <h3>3. Verify in Codex</h3>
-        <p>Open Codex settings, confirm <code>thumbgate</code> is toggled on, then restart Codex after npm releases to pick up the latest runtime.</p>
+        <h3>3. Zip for review</h3>
+        <p>The zip is a portable folder, not a double-click installer. Extract it, inspect <code>.codex-plugin/plugin.json</code>, and use CLI setup when local plugin import is unavailable.</p>
+      </div>
+    </div>
+  </section>
+
+  <section class="wrap">
+    <div class="eyebrow">Desktop install reality</div>
+    <h2>Do not make users guess what to do with a zip.</h2>
+    <div class="steps">
+      <div class="step">
+        <h3>Use first</h3>
+        <p><code>npx thumbgate init --agent codex</code> is the supported self-serve path. It configures MCP, hooks, and the status line without asking the user to understand plugin internals.</p>
+      </div>
+      <div class="step">
+        <h3>Use when available</h3>
+        <p>If Codex shows Plugins, open the directory, clear restrictive filters like <code>Built by OpenAI</code>, install ThumbGate from a marketplace or shared plugin entry, then start a new thread after install.</p>
+      </div>
+      <div class="step">
+        <h3>Use for operators</h3>
+        <p>Download the zip only for security review, offline delivery, or manual marketplace wiring. The user selects the extracted folder, never the compressed file.</p>
       </div>
     </div>
   </section>
@@ -312,7 +360,11 @@
       </div>
       <div class="faq">
         <h3>Where is the direct asset?</h3>
-        <p>The standalone zip remains available at <a href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip" target="_blank" rel="noopener">GitHub Releases</a>. This page is the human install surface so users do not land on an unexplained file download.</p>
+        <p>The standalone zip remains available at <a href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip" target="_blank" rel="noopener">GitHub Releases</a>. It is for review, offline delivery, and manual marketplace workflows. It is not a double-click Codex Desktop installer.</p>
+      </div>
+      <div class="faq">
+        <h3>I searched Plugins for ThumbGate. Why is it missing?</h3>
+        <p>First clear the <code>Built by OpenAI</code> filter. ThumbGate is a local or third-party marketplace plugin, so an OpenAI-only filter hides it. Then confirm the marketplace includes <code>.agents/plugins/marketplace.json</code> and <code>plugins/codex-profile</code>; the default <code>plugins/codex</code> sparse path will miss this repo.</p>
       </div>
     </div>
   </section>

package/public/compare.html

@@ -62,7 +62,7 @@
       "name": "Is ThumbGate free?",
       "acceptedAnswer": {
         "@type": "Answer",
-        "text": "ThumbGate has a free tier that includes local enforcement with 5 feedback captures/day, 25 total captures, up to 3 active auto-promoted prevention rules, and pre-action check blocking. Pro ($19/mo or $149/yr) adds hosted sync, a personal local dashboard, recall, lesson search, unlimited captures/rules, and DPO export. Team rollout ($49/seat/mo) adds a shared lesson database and org dashboard."
+        "text": "ThumbGate has a free tier that includes local enforcement with 5 feedback captures/day, 25 total captures, up to 3 active auto-promoted prevention rules, and pre-action check blocking. Pro ($19/mo or $149/yr) adds hosted sync, a personal local dashboard, recall, lesson search, unlimited captures/rules, and DPO export. Enterprise (custom pricing, scoped after intake) adds a shared lesson database and org dashboard."
       }
     },
     {
@@ -311,7 +311,7 @@
 
 <div class="card">
   <h3>Is ThumbGate free?</h3>
-  <p>ThumbGate has a free tier that includes local enforcement with 5 feedback captures/day, 25 total captures, up to 3 active auto-promoted prevention rules, and pre-action check blocking. Pro ($19/mo or $149/yr) adds hosted sync, a personal local dashboard, recall, lesson search, unlimited captures/rules, and DPO export. Team rollout ($49/seat/mo) adds a shared lesson database and org dashboard.</p>
+  <p>ThumbGate has a free tier that includes local enforcement with 5 feedback captures/day, 25 total captures, up to 3 active auto-promoted prevention rules, and pre-action check blocking. Pro ($19/mo or $149/yr) adds hosted sync, a personal local dashboard, recall, lesson search, unlimited captures/rules, and DPO export. Enterprise (custom pricing, scoped after intake) adds a shared lesson database and org dashboard.</p>
 </div>
 
 <div class="card">