npm - thumbgate - Versions diffs - 1.26.8 → 1.27.3 - Mend

thumbgate 1.26.8 → 1.27.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

package/.claude-plugin/plugin.json +1 -1
package/.well-known/agentic-verify.txt +1 -0
package/.well-known/llms.txt +2 -0
package/.well-known/mcp/server-card.json +1 -1
package/README.md +44 -31
package/adapters/claude/.mcp.json +2 -2
package/adapters/gcp/dfcx-webhook-gate.js +295 -0
package/adapters/mcp/server-stdio.js +41 -1
package/adapters/opencode/opencode.json +1 -1
package/bench/thumbgate-bench.json +2 -2
package/bin/cli.js +184 -8
package/bin/dashboard-cli.js +7 -0
package/config/gate-classifier-routing.json +98 -0
package/config/gate-templates.json +60 -0
package/config/mcp-allowlists.json +8 -7
package/config/model-candidates.json +71 -6
package/package.json +28 -12
package/public/about.html +162 -0
package/public/chatgpt-app.html +330 -0
package/public/codex-plugin.html +66 -14
package/public/compare.html +2 -2
package/public/dashboard.html +224 -36
package/public/guide.html +2 -2
package/public/index.html +122 -40
package/public/learn.html +70 -0
package/public/lessons.html +129 -6
package/public/numbers.html +2 -2
package/public/pricing.html +28 -23
package/public/pro.html +3 -3
package/scripts/agent-operations-planner.js +621 -0
package/scripts/agent-reward-model.js +53 -1
package/scripts/ai-component-inventory.js +367 -0
package/scripts/classifier-routing.js +130 -0
package/scripts/cli-schema.js +26 -0
package/scripts/commercial-offer.js +10 -2
package/scripts/dashboard-chat.js +199 -51
package/scripts/feedback-sanitizer.js +105 -0
package/scripts/gates-engine.js +301 -67
package/scripts/hybrid-feedback-context.js +141 -7
package/scripts/memory-scope-readiness.js +159 -0
package/scripts/oss-pr-opportunity-scout.js +35 -5
package/scripts/parallel-workflow-orchestrator.js +293 -0
package/scripts/plausible-domain-config.js +86 -0
package/scripts/plausible-server-events.js +4 -2
package/scripts/proxy-pointer-rag-guardrails.js +42 -1
package/scripts/qa-scenario-planner.js +136 -0
package/scripts/rate-limiter.js +2 -2
package/scripts/repeat-metric.js +28 -12
package/scripts/secret-fixture-tokens.js +61 -0
package/scripts/secret-scanner.js +44 -5
package/scripts/security-scanner.js +80 -0
package/scripts/seo-gsd.js +113 -0
package/scripts/thumbgate-bench.js +16 -1
package/scripts/tool-registry.js +37 -0
package/scripts/workflow-sentinel.js +282 -54
package/src/api/server.js +466 -60
package/.claude-plugin/marketplace.json +0 -85

package/public/dashboard.html CHANGED Viewed

@@ -263,14 +263,18 @@
   <div class="panel" id="chatPanel" style="margin-bottom:20px;">
     <div style="display:flex;align-items:baseline;gap:10px;flex-wrap:wrap;margin-bottom:10px;">
       <h2 style="margin:0;">💬 Chat with your data</h2>
-      <span style="font-size:13px;color:var(--text-muted);">Ask about your captured lessons, mistakes, and rules — answered by Gemini, grounded only in your data.</span>
+      <span style="font-size:13px;color:var(--text-muted);">Ask about your gates, blocks, feedback, and lessons — answered <strong>locally from your own data</strong>, no cloud. (An optional BYO model only kicks in for open-ended questions.)</span>
     </div>
     <div id="chatMessages" style="max-height:360px;overflow-y:auto;margin-bottom:12px;display:none;padding-right:4px;"></div>
     <div style="display:flex;gap:8px;">
       <input id="chatInput" class="auth-input" style="flex:1;" placeholder="e.g. What mistakes have we made, and how do we avoid them?" onkeydown="if(event.key==='Enter'){event.preventDefault();sendChat();}" />
       <button class="btn" id="chatSend" onclick="sendChat()">Ask</button>
     </div>
-    <div id="chatHint" style="font-size:12px;color:var(--text-muted);margin-top:8px;">Powered by your captured lessons + Gemini. Set <code style="font-family:var(--mono);">GEMINI_API_KEY</code> (<code style="font-family:var(--mono);">npx thumbgate setup-vertex --write</code>) to enable.</div>
+    <div id="chatHint" style="font-size:12px;color:var(--text-muted);margin-top:8px;display:flex;align-items:center;gap:8px;">
+      <span>Powered by local dashboard data. Optional Gemini/Perplexity keys only expand open-ended analysis.</span>
+      <input type="password" id="geminiKeyInput" placeholder="Optional GEMINI_API_KEY..." style="background:var(--bg-raised); border:1px solid var(--border); border-radius:4px; padding:4px 8px; color:var(--text); font-family:var(--mono); font-size:11px; flex:1; max-width: 250px;" onkeydown="if(event.key==='Enter'){event.preventDefault();saveGeminiKey();}" />
+      <button class="btn-outline" style="padding:4px 10px;font-size:11px;border-radius:4px;" onclick="saveGeminiKey()">Save</button>
+    </div>
   </div>
   <div class="panel" id="reviewDeltaPanel" style="margin-bottom:20px;">
@@ -304,7 +308,8 @@
     <div class="tab active" onclick="switchTab('search')">🔍 Search Memories</div>
     <div class="tab" onclick="switchTab('gates')">🛡️ Active Gates</div>
     <div class="tab" onclick="switchTab('team')">👥 Team</div>
-    <div class="tab" onclick="switchTab('enterprise')">🏢 Enterprise Chat</div>
+    <div class="tab" onclick="switchTab('enterprise')">🏢 Governed Data Chat</div>
+    <div class="tab" onclick="switchTab('ai-inventory')">🧬 AI Inventory</div>
     <div class="tab" onclick="switchTab('generated')">🧩 Generated Views</div>
     <div class="tab" onclick="switchTab('settings')">⚙️ Policy Origins</div>
     <div class="tab" onclick="switchTab('templates')">🧱 Gate Templates</div>
@@ -411,25 +416,48 @@
   <!-- ENTERPRISE CHAT TAB -->
   <div class="tab-content" id="tab-enterprise">
     <div class="templates-section">
-      <h2>Enterprise Dialogflow Data Chat</h2>
-      <p class="template-summary">Ask questions over local ThumbGate feedback, lessons, gates, team posture, and Vertex/DFCX readiness. This local panel uses ThumbGate's DFCX-compatible guard before data access; it does not claim a live Google Dialogflow CX agent unless deployment evidence is configured.</p>
+      <h2>Governed Data Chat</h2>
+      <p class="template-summary">Ask questions over your local ThumbGate data (lessons, raw feedback via LanceDB vectors, gate stats, receipts). Uses local retrieval plus your configured LLM, including open-source/local endpoints through <code>THUMBGATE_LOCAL_LLM_ENDPOINT</code>. Dialogflow is not the chatbot layer; DFCX/Vertex cards are optional deployment-readiness checks for buyers who run their own Google agent stack.</p>
       <div class="enterprise-chat-layout">
         <div class="panel">
           <h3>Chat With Local ThumbGate Data</h3>
-          <textarea class="enterprise-chat-box" id="enterpriseChatPrompt" placeholder="Ask: What mistakes are recurring? Which gates blocked the most? Is Vertex configured? What is our DFCX readiness?"></textarea>
+          <textarea class="enterprise-chat-box" id="enterpriseChatPrompt" placeholder="Ask: What mistakes are recurring? Which gates blocked the most? Are we running local-only or cloud-integrated?"></textarea>
           <div style="display:flex;gap:10px;align-items:center;margin-top:12px;flex-wrap:wrap;">
             <button class="btn" id="enterpriseChatBtn" onclick="sendEnterpriseChat()">Ask ThumbGate</button>
             <button class="btn-outline" onclick="setEnterprisePrompt('Which gates are blocking risky actions?')">Gates</button>
             <button class="btn-outline" onclick="setEnterprisePrompt('What feedback mistakes keep repeating?')">Feedback</button>
-            <button class="btn-outline" onclick="setEnterprisePrompt('Is Vertex and DFCX configured?')">Cloud</button>
+            <button class="btn-outline" onclick="setEnterprisePrompt('Are we running local-only or cloud-integrated?')">Runtime</button>
           </div>
           <div class="enterprise-answer" id="enterpriseChatAnswer">Connect your dashboard, then ask about local ThumbGate data.</div>
           <div class="enterprise-source-list" id="enterpriseChatSources"></div>
         </div>
         <div class="panel">
-          <h3>Enterprise Readiness</h3>
+          <h3>Runtime Readiness</h3>
           <div class="inventory-tools" id="enterpriseStatusCards"><div class="loading">Loading enterprise status...</div></div>
-          <div class="template-summary" style="margin-top:14px;margin-bottom:0;">Live DFCX proof must come from the Conversational Agents console, deployed webhook URL, Cloud Run logs, or the Dialogflow CX REST API <code style="font-family:var(--mono);font-size:12px;">projects.locations.agents</code>.</div>
+          <div class="template-summary" style="margin-top:14px;margin-bottom:0;">The chat itself is local RAG plus your LLM. Open-source/local models are the default enterprise path; DFCX/Vertex readiness is optional evidence for teams that already operate Google agents in their own tenancy.</div>
+        </div>
+      </div>
+    </div>
+  </div>
+  <!-- AI INVENTORY TAB -->
+  <div class="tab-content" id="tab-ai-inventory">
+    <div class="templates-section">
+      <h2>AI Component Inventory</h2>
+      <p class="template-summary">Enterprise evidence for AI/ML usage: provider SDKs, agent frameworks, vector databases, Vertex/Gemini/Dialogflow CX references, and local model artifacts. Export this as ML-BOM proof before claiming an AI system is production-ready.</p>
+      <div class="inventory-grid" id="aiInventorySummaryCards"><div class="loading">Scanning AI inventory...</div></div>
+      <div class="team-columns" style="margin-top:16px;">
+        <div class="panel">
+          <h3>Detected Components</h3>
+          <div class="inventory-tools" id="aiInventoryComponents"><div class="loading">Scanning components...</div></div>
+        </div>
+        <div class="panel">
+          <h3>Export Evidence</h3>
+          <div class="template-summary" style="margin-bottom:12px;">CLI export:</div>
+          <pre style="white-space:pre-wrap;background:var(--bg);border:1px solid var(--border);border-radius:8px;padding:12px;font-size:12px;color:var(--text);">npx thumbgate ai-inventory --format=cyclonedx --output=.thumbgate/ai-mlbom.json</pre>
+          <div class="template-summary" style="margin-top:12px;">API export:</div>
+          <pre style="white-space:pre-wrap;background:var(--bg);border:1px solid var(--border);border-radius:8px;padding:12px;font-size:12px;color:var(--text);">GET /v1/dashboard/ai-inventory?format=cyclonedx</pre>
+          <div id="aiInventoryExportNote" class="template-summary" style="margin-top:12px;margin-bottom:0;">Waiting for inventory evidence...</div>
         </div>
       </div>
     </div>
@@ -681,8 +709,30 @@ let currentGeneratedView = 'team-review';
 const BOOTSTRAP_API_KEY = __DASHBOARD_BOOTSTRAP_KEY__;
 const LOCAL_PRO_BOOTSTRAP = __DASHBOARD_BOOTSTRAP_ENABLED__;
+let ACTIVE_PROJECT_DIR = '';
+try {
+  var urlParams = new URLSearchParams(window.location.search);
+  ACTIVE_PROJECT_DIR = urlParams.get('project') || '';
+} catch (e) {}
+function preserveProjectQueryParams() {
+  if (!ACTIVE_PROJECT_DIR) return;
+  var links = document.querySelectorAll('a[href^="/dashboard"], a[href^="/lessons"], a[href="/"]');
+  links.forEach(function(link) {
+    try {
+      var url = new URL(link.href, window.location.origin);
+      url.searchParams.set('project', ACTIVE_PROJECT_DIR);
+      link.href = url.pathname + url.search + url.hash;
+    } catch (e) {}
+  });
+}
 function getHeaders() {
-  return { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' };
+  var headers = { 'Authorization': 'Bearer ' + API_KEY, 'Content-Type': 'application/json' };
+  if (ACTIVE_PROJECT_DIR) {
+    headers['x-thumbgate-project-dir'] = ACTIVE_PROJECT_DIR;
+  }
+  return headers;
 }
 // --- Chat with your data ---------------------------------------------------
@@ -706,13 +756,32 @@ function chatRenderAnswer(a) {
     .replace(/\[(\d+)\]/g, '<sup style="color:var(--cyan);font-weight:600;">[$1]</sup>')
     .replace(/\n/g, '<br>');
 }
-function chatRenderSources(sources) {
+function chatRenderSources(sources, answerText) {
   if (!sources || !sources.length) return '';
+  var citedNums = new Set();
+  var regex = /\[(\d+)\]/g;
+  var match;
+  while ((match = regex.exec(answerText || '')) !== null) {
+    citedNums.add(parseInt(match[1], 10));
+  }
   var items = sources.map(function (s, i) {
+    var num = i + 1;
+    var isCited = citedNums.has(num);
     var label = chatEscape(String(s.title || s.id || '').slice(0, 64));
-    return '<span title="' + label + '" style="display:inline-block;font-size:11px;background:var(--cyan-dim);color:var(--cyan);padding:2px 7px;border-radius:5px;margin:4px 5px 0 0;">[' + (i + 1) + '] ' + label + '</span>';
+    var bg = isCited ? 'var(--cyan-dim)' : 'var(--bg-raised)';
+    var color = isCited ? 'var(--cyan)' : 'var(--text-muted)';
+    var border = isCited ? '1px solid var(--cyan)' : '1px solid var(--border)';
+    var weight = isCited ? '600' : 'normal';
+    return '<span title="' + label + '" style="display:inline-block;font-size:11px;background:' + bg + ';color:' + color + ';border:' + border + ';font-weight:' + weight + ';padding:2px 7px;border-radius:5px;margin:4px 5px 0 0;">[' + num + '] ' + label + '</span>';
   }).join('');
-  return '<div style="margin-top:10px;">' + items + '</div>';
+  return '<div style="margin-top:12px;border-top:1px dashed var(--border);padding-top:10px;">' +
+         '<div style="font-size:11px;color:var(--text-muted);margin-bottom:6px;font-weight:600;">Database logs analyzed to answer your question:</div>' +
+         items +
+         '</div>';
 }
 async function sendChat() {
   var input = document.getElementById('chatInput');
@@ -729,7 +798,10 @@ async function sendChat() {
     var res = await fetch('/v1/chat', { method: 'POST', headers: getHeaders(), body: JSON.stringify({ question: q }) });
     var data = await res.json();
     if (data && data.ok) {
-      pending.innerHTML = chatRenderAnswer(data.answer) + chatRenderSources(data.sources);
+      pending.innerHTML = chatRenderAnswer(data.answer) + chatRenderSources(data.sources, data.answer);
+    } else if (data && data.error === 'gemini_error') {
+      pending.innerHTML = '<em style="color:#f87171;">Gemini rejected the key: ' + chatEscape(data.message || 'invalid') +
+        '<br>Fix: paste a valid key in the "Set GEMINI_API_KEY..." box below (get one at <a href="https://aistudio.google.com/app/apikey" target="_blank" style="color:#67e8f9;">AI Studio</a>) and click Save.</em>';
     } else {
       pending.innerHTML = '<em style="color:var(--text-muted);">' + chatEscape((data && data.message) || 'Chat is unavailable.') + '</em>';
     }
@@ -741,6 +813,37 @@ async function sendChat() {
   }
 }
+async function saveGeminiKey() {
+  var input = document.getElementById('geminiKeyInput');
+  var val = (input.value || '').trim();
+  if (!val) return;
+  var oldPlaceholder = input.placeholder;
+  input.disabled = true;
+  input.placeholder = 'Saving...';
+  try {
+    var res = await fetch('/v1/settings/gemini-key', {
+      method: 'POST',
+      headers: getHeaders(),
+      body: JSON.stringify({ key: val })
+    });
+    var data = await res.json();
+    if (data && data.ok) {
+      input.value = '';
+      input.placeholder = '✓ Key saved to .env';
+      setTimeout(function() {
+        document.getElementById('chatHint').innerHTML = '<span style="color:var(--green)">✓ Key validated. Hybrid (Perplexity/Gemini) supported for chat with your data.</span>';
+      }, 2000);
+    } else {
+      input.placeholder = '✗ Failed: ' + (data.message || data.error || 'Unknown error');
+    }
+  } catch (e) {
+    input.placeholder = '✗ Network error';
+  } finally {
+    input.disabled = false;
+    setTimeout(function() { if (input.placeholder.startsWith('✗')) input.placeholder = oldPlaceholder; }, 3000);
+  }
+}
 function hasBootstrapKey() {
   return LOCAL_PRO_BOOTSTRAP && Boolean(BOOTSTRAP_API_KEY);
 }
@@ -751,8 +854,8 @@ async function connect(options) {
   API_KEY = String(opts.key || input.value || '').trim();
   if (!API_KEY) return;
-  const isEnterprise = API_KEY.startsWith('tg_op_') || API_KEY.startsWith('tg_creator_');
-  const tierName = isEnterprise ? 'Enterprise' : 'Pro';
+  var isEnterprise = API_KEY.startsWith('tg_op_') || API_KEY.startsWith('tg_creator_');
+  var tierName = isEnterprise ? 'Enterprise' : 'Pro';
   const status = document.getElementById('authStatus');
   const btn = document.getElementById('connectBtn');
@@ -763,16 +866,33 @@ async function connect(options) {
     const res = await fetch('/v1/feedback/stats', { headers: getHeaders() });
     if (!res.ok) throw new Error('Invalid API key');
     const data = await res.json();
+    if (data.tier) {
+      isEnterprise = (data.tier === 'Enterprise');
+      tierName = data.tier;
+    }
+    if (data.geminiKeyStatus === 'validated' || data.geminiValidatedAt) {
+      var when = data.geminiValidatedAt ? ' (validated ' + new Date(data.geminiValidatedAt).toLocaleTimeString() + ')' : '';
+      document.getElementById('chatHint').innerHTML = '<span style="color:var(--green)">✓ Gemini API key validated' + when + '. You can now chat with your data.</span>';
+    } else if (data.perplexityConfigured) {
+      document.getElementById('chatHint').innerHTML = '<span style="color:var(--green)">✓ Perplexity hybrid (local-cloud) key present. Supports hybrid inference for chat with your data.</span>';
+    } else if (data.geminiConfigured) {
+      document.getElementById('chatHint').innerHTML = '<span style="color:#f59e0b">⚠ Gemini key present in .env (click Save below to validate it). Perplexity hybrid also supported for cost/privacy.</span>';
+    }
     status.className = 'auth-status ok';
     status.textContent = opts.localPro ? `✓ Local ${tierName} connected` : '✓ Connected';
     document.getElementById('dashboardContent').style.display = 'block';
     if (opts.localPro) {
+      const localProActiveMessage = 'Local Pro is active on this machine. Your dashboard is using the saved license key automatically.';
+      const localEnterpriseActiveMessage = 'Local Enterprise is active on this machine. Your dashboard is using the saved license key automatically.';
       input.value = 'local-license';
       input.disabled = true;
       input.placeholder = `Local ${tierName} auto-connected`;
       btn.disabled = true;
       document.getElementById('demoBtn').style.display = 'none';
-      document.getElementById('authHelp').textContent = `Local ${tierName} is active on this machine. Your dashboard is using the saved license key automatically.`;
+      document.getElementById('authHelp').textContent = isEnterprise ? localEnterpriseActiveMessage : localProActiveMessage;
     }
     renderStats(data);
     setSelectedCard('all');
@@ -971,11 +1091,11 @@ function switchTab(name) {
 /**
  * Resolve deep-link tab target from URL hash or query string.
  * Supports: /dashboard#insights, /dashboard?tab=gates, /dashboard#tab-export.
- * Valid targets match tab-content ids (search, gates, team, generated,
- * settings, templates, insights, export).
+ * Valid targets match tab-content ids (search, gates, team, enterprise,
+ * ai-inventory, generated, settings, templates, insights, export).
  */
 function getDeepLinkTab() {
-  var valid = ['search', 'gates', 'team', 'generated', 'settings', 'templates', 'insights', 'export'];
+  var valid = ['search', 'gates', 'team', 'enterprise', 'ai-inventory', 'generated', 'settings', 'templates', 'insights', 'export'];
   var raw = (window.location.hash || '').replace(/^#/, '').replace(/^tab-/, '');
   if (!raw) {
     try {
@@ -1187,7 +1307,68 @@ function renderDashboardData(data) {
   renderRegulatedProof(data.regulatedProof || {});
   renderTemplates(data.templateLibrary || {});
   renderInsights(data);
-  loadEnterpriseDialogflowStatus();
+  loadAiInventory();
+  loadEnterpriseDataChatStatus();
+}
+async function loadAiInventory() {
+  var summaryEl = document.getElementById('aiInventorySummaryCards');
+  var componentsEl = document.getElementById('aiInventoryComponents');
+  var exportEl = document.getElementById('aiInventoryExportNote');
+  if (!summaryEl || !componentsEl) return;
+  try {
+    var res = await fetch('/v1/dashboard/ai-inventory', { headers: getHeaders() });
+    if (!res.ok) {
+      var text = await res.text();
+      throw new Error(text || 'Failed to load AI inventory');
+    }
+    var inventory = await res.json();
+    renderAiInventory(inventory);
+  } catch (e) {
+    var message = e && e.message ? e.message : 'Failed to load AI inventory';
+    setMessageState(summaryEl, 'empty', message);
+    setMessageState(componentsEl, 'empty', message);
+    if (exportEl) exportEl.textContent = message;
+  }
+}
+function renderAiInventory(inventory) {
+  var summaryEl = document.getElementById('aiInventorySummaryCards');
+  var componentsEl = document.getElementById('aiInventoryComponents');
+  var exportEl = document.getElementById('aiInventoryExportNote');
+  var components = Array.isArray(inventory.components) ? inventory.components : [];
+  var byCategory = inventory.summary && inventory.summary.byCategory ? inventory.summary.byCategory : {};
+  var modelArtifacts = byCategory.model_artifact || 0;
+  var vectorDbs = byCategory.vector_database || 0;
+  summaryEl.innerHTML = [
+    '<div class="team-card"><div class="team-kicker">Files scanned</div><div class="team-value">' + escHtml(String(inventory.filesScanned || 0)) + '</div><div class="team-note">source, manifests, model artifacts</div></div>',
+    '<div class="team-card"><div class="team-kicker">AI components</div><div class="team-value">' + escHtml(String(inventory.componentCount || components.length)) + '</div><div class="team-note">inventory evidence items</div></div>',
+    '<div class="team-card"><div class="team-kicker">Vector stores</div><div class="team-value">' + escHtml(String(vectorDbs)) + '</div><div class="team-note">retrieval governance surface</div></div>',
+    '<div class="team-card"><div class="team-kicker">Model artifacts</div><div class="team-value">' + escHtml(String(modelArtifacts)) + '</div><div class="team-note">local ML-BOM artifacts</div></div>'
+  ].join('');
+  if (!components.length) {
+    componentsEl.innerHTML = '<div class="empty">No AI/ML components detected in this project root.</div>';
+  } else {
+    componentsEl.innerHTML = components.map(function(item) {
+      var evidence = Array.isArray(item.evidence) ? item.evidence.slice(0, 4) : [];
+      var evidenceHtml = evidence.map(function(e) {
+        var loc = e.line ? (e.file + ':' + e.line) : e.file;
+        return '<li><code>' + escHtml(loc || 'unknown') + '</code> <span style="color:var(--text-muted);">[' + escHtml(e.kind || 'evidence') + ']</span></li>';
+      }).join('');
+      return '<div class="tool-card">' +
+        '<div class="tool-title">' + escHtml(item.name || item.id || 'AI component') + '</div>' +
+        '<div class="tool-meta">' + escHtml(item.category || 'unknown') + ' · ' + escHtml(item.ecosystem || 'unknown') + '</div>' +
+        '<ul style="margin:8px 0 0 18px;padding:0;">' + evidenceHtml + '</ul>' +
+      '</div>';
+    }).join('');
+  }
+  if (exportEl) {
+    exportEl.textContent = 'Ready: export ' + String(inventory.componentCount || components.length) + ' component(s) as CycloneDX ML-BOM evidence.';
+  }
 }
 function renderGeneratedViewToolbar(spec) {
@@ -1632,24 +1813,29 @@ function renderEnterpriseStatus(status) {
   if (!target) return;
   var vertex = status && status.vertex ? status.vertex : {};
   var dfcx = status && status.dfcx ? status.dfcx : {};
+  var localLlm = status && status.chat ? status.chat.localLlmEndpointConfigured : false;
+  var connectionMode = localLlm
+    ? 'Local/open-source LLM configured'
+    : (dfcx.liveAgentConfigured ? 'Google agent guard configured' : (vertex.configured ? 'Vertex routing configured' : 'Local deterministic fallback'));
   var rows = [
-    { name: 'Vertex routing', value: vertex.configured ? 'Configured' : 'Not configured', note: vertex.projectId ? ('Project: ' + vertex.projectId + ' · ' + (vertex.location || '')) : 'Run setup-vertex or set GOOGLE_VERTEX_PROJECT.' },
-    { name: 'DFCX live agent', value: dfcx.liveAgentConfigured ? 'Env present' : 'Not proven', note: dfcx.verification || 'Verify with REST/console evidence.' },
-    { name: 'Fulfillment proxy', value: dfcx.fulfillmentProxyConfigured ? 'Configured' : 'Not configured', note: 'Set THUMBGATE_DFCX_FULFILLMENT_URL for a deployed proxy.' },
-    { name: 'gcloud CX command', value: 'Unsupported', note: 'Do not use the old alpha gcloud CX command group; use REST API or console.' }
+    { name: 'Chat runtime', value: connectionMode, note: localLlm ? 'Using THUMBGATE_LOCAL_LLM_ENDPOINT for local/open-source inference.' : 'Local deterministic summaries work without cloud credentials; configure a local LLM for generated answers.' },
+    { name: 'Data boundary', value: 'Local by default', note: 'Dashboard answers are grounded in local ThumbGate data and do not require Google Cloud.' },
+    { name: 'Vertex adapter', value: vertex.configured ? 'Configured' : 'Optional', note: vertex.projectId ? ('Project: ' + vertex.projectId + ' · ' + (vertex.location || '')) : 'Only needed when the buyer chooses Google-hosted routing.' },
+    { name: 'Dialogflow guard adapter', value: dfcx.liveAgentConfigured ? 'Configured' : 'Optional', note: dfcx.verification || 'Only needed for customer-owned Dialogflow CX agent deployments.' },
+    { name: 'Legacy gcloud CX command', value: 'Unsupported', note: 'Do not use the old alpha gcloud CX command group; use REST API or console for DFCX proof.' }
   ];
   target.innerHTML = rows.map(function(row) {
     return '<div class="inventory-row"><div><div class="inventory-name">' + escHtml(row.name) + '</div><div class="inventory-subtitle">' + escHtml(row.note) + '</div></div><span class="remediation-action">' + escHtml(row.value) + '</span></div>';
   }).join('');
 }
-async function loadEnterpriseDialogflowStatus() {
+async function loadEnterpriseDataChatStatus() {
   if (!API_KEY || isDemo) {
     renderEnterpriseStatus({ vertex: {}, dfcx: { verification: 'Connect to load local status.' } });
     return;
   }
   try {
-    var res = await fetch('/v1/enterprise/dialogflow/status', { headers: getHeaders() });
+    var res = await fetch('/v1/enterprise/data-chat/status', { headers: getHeaders() });
     if (!res.ok) throw new Error('status unavailable');
     renderEnterpriseStatus(await res.json());
   } catch (err) {
@@ -1679,26 +1865,27 @@ async function sendEnterpriseChat() {
   }
   button.disabled = true;
   answer.className = 'enterprise-answer';
-  answer.textContent = 'Running the DFCX guard and reading local dashboard data...';
+  answer.textContent = 'Local RAG (LanceDB + lessons) plus your LLM...';
   sources.innerHTML = '';
   try {
-    var res = await fetch('/v1/enterprise/dialogflow/chat', {
+    var res = await fetch('/v1/chat', {
       method: 'POST',
       headers: getHeaders(),
-      body: JSON.stringify({ prompt: prompt })
+      body: JSON.stringify({ question: prompt })
     });
     var data = await res.json();
-    if (!res.ok) throw new Error(data.detail || data.error || 'chat failed');
-    answer.className = 'enterprise-answer' + (data.blocked ? ' blocked' : '');
-    answer.textContent = data.answer || 'No answer returned.';
+    if (!res.ok) throw new Error(data.detail || data.error || data.message || 'chat failed');
+    answer.className = 'enterprise-answer';
+    answer.textContent = data.answer || data.message || 'No answer returned.';
     var list = Array.isArray(data.sources) ? data.sources : [];
     sources.innerHTML = list.map(function(source) {
-      return '<span class="enterprise-source">' + escHtml(source) + '</span>';
+      var label = typeof source === 'string' ? source : (source && (source.title || source.id || ''));
+      return '<span class="enterprise-source">' + escHtml(label) + '</span>';
     }).join('');
-    renderEnterpriseStatus(data.status || {});
+    loadEnterpriseDataChatStatus();
   } catch (err) {
     answer.className = 'enterprise-answer blocked';
-    answer.textContent = err.message || 'Enterprise chat failed.';
+    answer.textContent = err.message || 'Chat failed. Configure a local LLM endpoint or API key for RAG.';
   } finally {
     button.disabled = false;
   }
@@ -1980,6 +2167,7 @@ function loadDemo() {
 // Auto-load demo on first visit so visitors see the product immediately
 window.addEventListener('DOMContentLoaded', function() {
+  preserveProjectQueryParams();
   if (hasBootstrapKey()) {
     connect({ key: BOOTSTRAP_API_KEY, localPro: true });
     return;

package/public/guide.html CHANGED Viewed

@@ -330,7 +330,7 @@ npx thumbgate init --agent gemini</code></pre>
   <tr><td>Auto-generates rules</td><td>Yes — from repeated failures</td><td>No</td><td>No</td></tr>
   <tr><td>Agent support</td><td>Claude Code, Codex, Gemini, Amp, Cursor, OpenCode</td><td>Claude Code, Cursor, Windsurf, Cline</td><td>Claude, Cursor</td></tr>
   <tr><td>Install</td><td><code>npx thumbgate init</code></td><td><code>npx speclock setup</code></td><td>Cloud signup</td></tr>
-  <tr><td>Cost</td><td>Free (Pro $19/mo or $149/yr, Team rollout $49/seat/mo)</td><td>Free</td><td>Free tier + paid</td></tr>
+  <tr><td>Cost</td><td>Free (Pro $19/mo or $149/yr, Enterprise custom pricing)</td><td>Free</td><td>Free tier + paid</td></tr>
 </table>
 <h2>Common Scenarios</h2>
@@ -379,7 +379,7 @@ npx thumbgate init --agent gemini</code></pre>
 <a rel="nofollow noopener noreferrer" target="_blank" href="https://buy.stripe.com/00w14neyUcXA5pL5e33sI0e" class="cta cta-secondary">Pay $499 diagnostic</a>
 <a rel="nofollow noopener noreferrer" target="_blank" href="https://buy.stripe.com/fZu9AT76saPsg4pbCr3sI0f" class="cta cta-secondary">Pay $1500 sprint</a>
 <a href="https://thumbgate.ai/#workflow-sprint-intake" class="cta cta-secondary">Send workflow first</a>
-<p style="color:var(--muted); font-size:0.85rem;">Free: 5 captures/day, 25 total captures, 3 active prevention rules, hook blocking. Pro: hosted sync, dashboard, recall, lesson search, unlimited captures/rules, DPO export. Team: intake first, then $49/seat/mo with a 3-seat minimum.</p>
+<p style="color:var(--muted); font-size:0.85rem;">Free: 5 captures/day, 25 total captures, 3 active prevention rules, hook blocking. Pro: hosted sync, dashboard, recall, lesson search, unlimited captures/rules, DPO export. Enterprise: intake first, then custom pricing scoped to your rollout.</p>
 </div>
 </body>