thumbgate 1.27.12 → 1.27.13

package/public/learn/from-prototype-to-production.html

@@ -1,223 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>From git init to v1.17.0 in 70 days: an honest ThumbGate build log — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="70 days, 112+ commits, 17 minor releases, ~6,000 npm downloads, $0 customer revenue. What I learned shipping ThumbGate from a one-line repo init to a live production stack at thumbgate.ai.">
-<meta name="keywords" content="ThumbGate, build log, AI agent guardrails, pre-action gates, indie SaaS, npm package, Railway deploy, solo founder, AI coding agents, prototype to production">
-<meta property="og:title" content="From git init to v1.17.0 in 70 days: an honest ThumbGate build log">
-<meta property="og:description" content="The unedited story of taking ThumbGate from a one-line repo init to a live production stack — including what's working, what isn't, and the part where revenue is still zero.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/from-prototype-to-production">
-<meta property="og:image" content="https://thumbgate.ai/og.png">
-<meta name="twitter:card" content="summary_large_image">
-<link rel="canonical" href="https://thumbgate.ai/learn/from-prototype-to-production">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "From git init to v1.17.0 in 70 days: an honest ThumbGate build log",
-  "description": "70 days, 17 minor releases, 6k npm downloads, $0 real revenue. What I learned shipping ThumbGate from a repo init to production.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-05-12",
-  "dateModified": "2026-05-12",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/from-prototype-to-production",
-  "about": [
-    {"@type": "Thing", "name": "indie SaaS build log"},
-    {"@type": "Thing", "name": "AI agent guardrails"},
-    {"@type": "Thing", "name": "shipping in public"}
-  ]
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .timeline { border-left: 2px solid var(--border); padding-left: 1.2rem; margin: 1.5rem 0; }
-  .timeline-item { margin-bottom: 1.2rem; position: relative; }
-  .timeline-item::before { content: ''; position: absolute; left: -1.5rem; top: 0.5rem; width: 10px; height: 10px; border-radius: 50%; background: var(--cyan); }
-  .timeline-date { color: var(--cyan); font-family: ui-monospace, monospace; font-size: 0.85rem; }
-  .timeline-title { font-weight: 600; margin: 0.1rem 0; }
-  .stats { display: grid; grid-template-columns: repeat(auto-fit, minmax(140px, 1fr)); gap: 0.8rem; margin: 1.5rem 0; }
-  .stat { background: rgba(255,255,255,0.03); border: 1px solid var(--border); border-radius: 8px; padding: 0.8rem; }
-  .stat-num { font-family: ui-monospace, monospace; color: var(--green); font-size: 1.4rem; font-weight: 600; }
-  .stat-label { color: var(--muted); font-size: 0.8rem; margin-top: 0.2rem; }
-  .lesson { border-left: 3px solid var(--green); padding: 0.6rem 0.9rem; margin: 1rem 0; background: rgba(0,255,128,0.04); }
-  .honest { border-left: 3px solid #f59e0b; padding: 0.6rem 0.9rem; margin: 1rem 0; background: rgba(245,158,11,0.06); }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<main>
-
-<h1>From <code>git init</code> to v1.17.0 in 70 days: an honest ThumbGate build log</h1>
-<p class="meta">Igor Ganapolsky · May 12, 2026 · 8 min read</p>
-
-<p>On <strong>March 3</strong>, the first commit on this repo was three words: <code>chore: initialize repository</code>. Today the live build at <a href="https://thumbgate.ai/health">thumbgate.ai/health</a> reports <code>"version":"1.17.0"</code>. In between, 70 days, 112 commits on the visible branch, 60+ tagged releases, ~6,000 npm downloads, and one expensive lesson: <em>shipping is not the same as selling</em>.</p>
-
-<p>This is the unedited build log — the architecture choices that held, the ones that didn't, and the part where revenue is still zero.</p>
-
-<div class="stats">
-  <div class="stat"><div class="stat-num">70</div><div class="stat-label">days, init → production</div></div>
-  <div class="stat"><div class="stat-num">112+</div><div class="stat-label">commits, this branch</div></div>
-  <div class="stat"><div class="stat-num">17</div><div class="stat-label">minor releases (v1.0 → v1.17)</div></div>
-  <div class="stat"><div class="stat-num">~6k</div><div class="stat-label">npm downloads, last 30d</div></div>
-  <div class="stat"><div class="stat-num">15</div><div class="stat-label">live products in Stripe</div></div>
-  <div class="stat"><div class="stat-num">$0</div><div class="stat-label">cold-traffic revenue</div></div>
-</div>
-
-<h2>The hypothesis</h2>
-
-<p>AI coding agents (Claude Code, Cursor, Codex, Aider, Cline) burn money making the same mistake twice. Force-pushing to <code>main</code>. Editing <code>.env</code> without checking what's already in it. Claiming "deployed" without curling the health endpoint. Calling shell with un-escaped user input.</p>
-
-<p>If you've watched an agent retry the same broken patch four times in a row, you know exactly what I mean.</p>
-
-<p>The hypothesis: <strong>capture the moment of failure, distill it into a rule, and gate the next attempt <em>before</em> the tool call fires</strong>. Not a linter (those run too late). Not a post-action review (the damage is done). A pre-action gate with an opinion.</p>
-
-<h2>The timeline</h2>
-
-<div class="timeline">
-  <div class="timeline-item">
-    <div class="timeline-date">2026-03-03</div>
-    <div class="timeline-title">Repo init. First commit: <code>bootstrap OSS RLHF feedback system</code>.</div>
-    <p>The original framing was "RLHF for coding agents." It was wrong — what I was actually building was context engineering plus enforcement. The pivot took weeks.</p>
-  </div>
-
-  <div class="timeline-item">
-    <div class="timeline-date">2026-03-06</div>
-    <div class="timeline-title">First release: v0.6.8. The version starts at 0.6 because there's a private prototype that predates the public repo.</div>
-  </div>
-
-  <div class="timeline-item">
-    <div class="timeline-date">2026-03-09 → 2026-04-02</div>
-    <div class="timeline-title">~40 patch releases. The architecture stabilizes.</div>
-    <p>SQLite + FTS5 for the lesson database (because it ships in the npm package and survives no-network installs). LanceDB for vectors. Thompson Sampling for which gates to fire when. ContextFS for context assembly. <a href="/learn/agent-harness-pattern">The agent harness pattern</a> as the mental model.</p>
-  </div>
-
-  <div class="timeline-item">
-    <div class="timeline-date">2026-04-08</div>
-    <div class="timeline-title">v1.0.0 cut. The OSS package ships on npm as <code>thumbgate</code>.</div>
-    <p>The same day, v1.1.0 lands the HuggingFace export. The cadence is "release on green CI, don't wait."</p>
-  </div>
-
-  <div class="timeline-item">
-    <div class="timeline-date">2026-04-20</div>
-    <div class="timeline-title">npm downloads peak at 1,334 in a single day.</div>
-    <p>That spike was a Reddit post, not paid traffic. Organic interest exists. Conversion to paid does not, yet.</p>
-  </div>
-
-  <div class="timeline-item">
-    <div class="timeline-date">2026-04-21</div>
-    <div class="timeline-title">X/Twitter retired from active distribution.</div>
-    <p>Active outbound moved to Reddit, LinkedIn, Threads, Bluesky, Instagram, YouTube. All routed through one social-publishing layer (Zernio) so I'm not maintaining six token rotations.</p>
-  </div>
-
-  <div class="timeline-item">
-    <div class="timeline-date">2026-05-11</div>
-    <div class="timeline-title">v1.17.0 ships. Free tier opens up: unlimited feedback captures, 5 active prevention rules (was 3 lifetime + 1 rule).</div>
-    <p>The hard wall on the free tier was killing habit formation. Daily-use lane is now open; Pro gates the dashboard, recall, lesson search, and DPO export.</p>
-  </div>
-
-  <div class="timeline-item">
-    <div class="timeline-date">2026-05-12 (today)</div>
-    <div class="timeline-title">Stripe surface fully reconciled. 15 active products, 14 customer-facing payment links, zero duplicates, every product carries the correct tier logo. Dashboard live.</div>
-  </div>
-</div>
-
-<h2>What's running in production</h2>
-
-<ul>
-  <li><strong>npm package <code>thumbgate</code></strong> — the public shell. CLI, hook installer, adapter configs, JSON schemas. Node ≥18.18, MIT.</li>
-  <li><strong>Railway-hosted API</strong> at <code>thumbgate.ai</code> — health, dashboard, checkout intent, billing summary. Docker rebuild on every push to <code>main</code> (2–5 min). Verified post-deploy by curling <code>/health</code> and grepping the version string.</li>
-  <li><strong>Stripe</strong> — 15 active products (Pro $19/mo + $149/yr; Team $49/seat/mo; plus 13 funnel/diagnostic SKUs from $1 to $1,500). All carry the canonical ThumbGate logo. Checkout sessions verified to mint live <code>cs_live_</code> IDs.</li>
-  <li><strong>SQLite + FTS5 lesson DB</strong> — ships in the package, runs on-device, never phones home.</li>
-  <li><strong>LanceDB vector index</strong> — for semantic lesson recall.</li>
-  <li><strong>Plausible analytics</strong> — privacy-respecting, no cookie banner, no IP logging.</li>
-  <li><strong>Two-repo split</strong>: public <code>ThumbGate</code> (this) is the thin shell; <code>ThumbGate-Core</code> (private) holds the ranking, synthesis, billing intelligence, and org-wide telemetry. Wire protocol between them, never <code>require()</code>.</li>
-</ul>
-
-<h2>Five lessons I'd give my March-3 self</h2>
-
-<div class="lesson">
-  <strong>1. A deployment-verification gate beats a memory note.</strong> I told myself "always curl <code>/health</code> after merge" for weeks. It didn't stick. The fix was a hard rule in <code>CLAUDE.md</code> that blocks the words "done", "deployed", "live", or "shipped" until two grep commands return non-empty output. The day that gate landed was the day I stopped lying to myself about ship status.
-</div>
-
-<div class="lesson">
-  <strong>2. Behavioral rules only work at ZERO/ALWAYS thresholds.</strong> "1 in 5 social posts should mention the product" silently degrades to "every post mentions the product" because the LLM can't count across sessions. Write absolutes: <em>never</em> auto-post replies, <em>always</em> show <code>gh pr view</code> output before claiming done. The middle ground does not exist.
-</div>
-
-<div class="lesson">
-  <strong>3. Memory and instructions decay together.</strong> When you change a rule in <code>CLAUDE.md</code>, also update the lesson DB entry or prevention rule that contradicts it. Otherwise the agent follows stale memory over the new instruction. Memory always wins ties.
-</div>
-
-<div class="lesson">
-  <strong>4. Fix-on-fix commits are a systemic-failure signal.</strong> If a bug takes 3+ commit attempts to land, stop pushing. Read the platform docs. The five-commit CSS chase that turned out to be one line of <code>scroll-snap-type: none</code> on mobile cost me a full afternoon of CI minutes and trust.
-</div>
-
-<div class="lesson">
-  <strong>5. The shape of "production" is fractal.</strong> "Production" was running by week 2 (Railway, dashboard, npm). "Production-ready for paying customers" took until week 10 (clean Stripe, verified deploy gate, kill-stale-payment-links pass, logo on every product). The first one ships in a weekend. The second one is the actual job.
-</div>
-
-<h2>The part that's still broken</h2>
-
-<div class="honest">
-  <strong>Real customer revenue is $0.</strong> Excluding test transactions, no cold-traffic visitor has ever paid for ThumbGate Pro or Team. The npm download trend is real (6k in 30 days), the landing page conversion is not. 50 recent Stripe Checkout sessions started; zero completed.
-</div>
-
-<p>This is honest because pretending otherwise would be the exact kind of "live revenue claim" the deploy-verification gate exists to stop. The product works. The funnel doesn't yet. That's a distribution problem, not a product-doesn't-work problem — but it's still a problem.</p>
-
-<p>The next 30 days are about three things:</p>
-
-<ol>
-  <li><strong>Friction-free first-gate-fires.</strong> If <code>npx thumbgate init</code> doesn't surface a real, named gate inside 60 seconds on a real codebase, install-to-aha is broken. Measuring this with anonymous telemetry on the install flow.</li>
-  <li><strong>Story-driven distribution.</strong> Build logs (like this one) and gate-of-the-week posts. Specific war stories beat feature lists. Verified by Plausible referrer reports, not vibes.</li>
-  <li><strong>Refund-rate triage on the funnel SKUs.</strong> The $1, $5, $19, $49 quick-read tier exists to validate willingness-to-pay at low friction. If those convert, the $1,500 Workflow Hardening Sprint becomes a real consulting funnel.</li>
-</ol>
-
-<h2>The tools I shipped this on</h2>
-
-<p>Solo founder, no team. Stack: <strong>Claude Code</strong> as the primary engineer (CTO mode, autonomous PR/merge/deploy when CI is green); <strong>Cursor</strong> for ad-hoc edits; <strong>Railway</strong> for hosting; <strong>Stripe</strong> for billing; <strong>Resend</strong> for transactional email; <strong>Plausible</strong> for analytics; <strong>Zernio</strong> for cross-platform social publishing.</p>
-
-<p>The single highest-ROI choice was treating Claude Code as a CTO with a strict <code>CLAUDE.md</code> contract — branch from <code>main</code>, push, PR, wait for green CI, merge, verify, deploy. The model handles the work; the gate file handles the discipline.</p>
-
-<h2>Try it</h2>
-
-<p>One-line install:</p>
-
-<pre><code>npx thumbgate init</code></pre>
-
-<p>You'll have a working pre-action gate in your AI coding agent inside 60 seconds, or the install is broken and I want to hear about it.</p>
-
-<p>If you've been burned by an AI agent doing something it shouldn't have, the <a href="/checkout/pro?utm_source=blog&amp;utm_medium=prototype_to_production&amp;utm_campaign=build_log">Pro tier</a> is $19/mo and adds the dashboard, recall, and lesson search. Or just install the free version, get a feel for it, and decide later. The whole thing is MIT.</p>
-
-<p>I'll write the next build log at v2.0.0 — or when the first cold-traffic customer pays, whichever comes first.</p>
-
-<p class="meta">— Igor</p>
-
-<hr>
-
-<p class="meta">More build logs: <a href="/learn/agent-harness-pattern">The agent harness pattern</a> · <a href="/learn/mcp-pre-action-checks-explained">MCP pre-action checks explained</a> · <a href="/learn/stop-ai-agent-force-push">Stop AI agents from force-pushing</a> · <a href="/learn/vibe-coding-safety-net">A safety net for vibe-coding</a></p>
-
-</main>
-
-</body>
-</html>

package/public/learn/learn.css

@@ -1,51 +0,0 @@
-/* ThumbGate Learn Hub — shared styles for /learn pages */
-*, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
-:root {
-  --bg: #0a0a0b; --bg-card: #161618; --bg-raised: #111113;
-  --border: #222225; --text: #e8e8ec; --muted: #8b8b94;
-  --cyan: #22d3ee; --green: #34d399; --red: #f87171;
-}
-body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg); color: var(--text); line-height: 1.7; }
-.container { max-width: 700px; margin: 0 auto; padding: 2rem 1.5rem 4rem; }
-nav { padding: 1rem 2rem; border-bottom: 1px solid var(--border); display: flex; gap: 1.5rem; align-items: center; }
-nav a { color: var(--muted); text-decoration: none; font-size: 0.9rem; }
-nav a:hover { color: var(--cyan); }
-nav .brand { color: var(--text); font-weight: 700; font-size: 1.1rem; display: inline-flex; align-items: center; gap: 8px; text-decoration: none; }
-nav .brand .logo-mark { width: 28px; height: 28px; display: block; }
-h1 { font-size: 2rem; line-height: 1.2; margin: 2rem 0 1rem; }
-h2 { font-size: 1.4rem; margin: 2.5rem 0 0.75rem; color: var(--cyan); }
-h3 { font-size: 1.1rem; margin: 1.5rem 0 0.5rem; }
-p, li { margin-bottom: 0.75rem; }
-ul, ol { padding-left: 1.5rem; }
-code { background: #1a1a1e; padding: 0.15em 0.4em; border-radius: 4px; font-size: 0.9em; color: var(--cyan); font-family: 'SF Mono', 'Cascadia Code', 'JetBrains Mono', Consolas, monospace; }
-pre { background: var(--bg-raised); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; overflow-x: auto; margin: 1rem 0; }
-pre code { background: none; padding: 0; color: var(--text); }
-.breadcrumb { font-size: 0.85rem; color: var(--muted); margin-bottom: 0.5rem; }
-.breadcrumb a { color: var(--cyan); text-decoration: none; }
-.breadcrumb a:hover { text-decoration: underline; }
-.callout { background: var(--bg-card); border-left: 3px solid var(--cyan); padding: 1rem 1.25rem; border-radius: 0 8px 8px 0; margin: 1.5rem 0; }
-.callout-red { border-left-color: var(--red); }
-.callout-green { border-left-color: var(--green); }
-.cta-box { margin-top: 3rem; padding: 2rem; background: var(--bg-raised); border: 1px solid var(--border); border-radius: 12px; text-align: center; }
-.cta-box p { color: var(--muted); }
-.cta-install { display: inline-block; background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 10px 20px; font-family: 'SF Mono', Consolas, monospace; font-size: 0.95rem; color: var(--cyan); margin-top: 1rem; }
-.cta-actions { display: flex; flex-wrap: wrap; gap: 0.75rem; justify-content: center; margin-top: 1.1rem; }
-.cta-link { display: inline-flex; align-items: center; justify-content: center; min-height: 42px; padding: 0.65rem 0.9rem; border-radius: 8px; background: var(--cyan); color: #031114; text-decoration: none; font-weight: 700; }
-.cta-link:hover { opacity: 0.9; text-decoration: none; }
-.cta-link-secondary { background: transparent; color: var(--text); border: 1px solid var(--border); }
-.cta-link-secondary:hover { border-color: var(--cyan); color: var(--cyan); }
-.related { margin-top: 2rem; }
-.related a { color: var(--cyan); text-decoration: none; display: block; margin-bottom: 0.5rem; }
-.related a:hover { text-decoration: underline; }
-@media (max-width: 700px) { h1 { font-size: 1.5rem; } .container { padding: 1.5rem 1rem 3rem; } }
-
-/* TL;DR box — appears right after h1 to hook skimmers */
-.tldr { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem 1.25rem; margin: 1rem 0 2rem; font-size: 0.95rem; }
-.tldr strong { color: var(--cyan); }
-/* Sticky bottom CTA bar */
-.sticky-cta { position: fixed; bottom: 0; left: 0; right: 0; background: var(--bg-raised); border-top: 1px solid var(--border); padding: 10px 0; text-align: center; z-index: 100; display: flex; align-items: center; justify-content: center; gap: 16px; font-size: 0.9rem; }
-.sticky-cta code { background: var(--bg-card); padding: 4px 12px; border-radius: 6px; color: var(--cyan); font-family: 'SF Mono', Consolas, monospace; font-size: 0.85rem; border: 1px solid var(--border); }
-.sticky-cta a { color: var(--cyan); text-decoration: none; font-weight: 600; }
-.sticky-cta a:hover { text-decoration: underline; }
-/* Add padding-bottom to body so sticky bar doesn't cover content */
-body { padding-bottom: 52px; }

package/public/learn/mcp-pre-action-checks-explained.html

@@ -1,172 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>MCP Pre-Action Checks Explained — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="What pre-action checks are, how they work in the Model Context Protocol, and why enforcement beats prompt rules for AI coding agent safety.">
-<meta name="keywords" content="MCP pre-action checks, PreToolUse hooks, Model Context Protocol, AI agent enforcement, Claude Code hooks, MCP server guardrails, tool call interception, ThumbGate">
-<meta property="og:title" content="MCP Pre-Action Checks Explained">
-<meta property="og:description" content="Technical deep-dive: how pre-action checks intercept tool calls and enforce safety rules for AI coding agents.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/mcp-pre-action-checks-explained">
-<link rel="canonical" href="https://thumbgate.ai/learn/mcp-pre-action-checks-explained">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "MCP Pre-Action Checks Explained",
-  "description": "Technical deep-dive into pre-action checks: how they intercept tool calls and enforce safety rules at the MCP hook layer.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-04-01",
-  "dateModified": "2026-04-01",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/mcp-pre-action-checks-explained",
-  "about": [
-    {"@type": "Thing", "name": "Model Context Protocol"},
-    {"@type": "Thing", "name": "PreToolUse hooks"},
-    {"@type": "Thing", "name": "AI agent enforcement"}
-  ]
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .flow-diagram { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1.5rem; margin: 1.5rem 0; font-family: 'SF Mono', Consolas, monospace; font-size: 0.85rem; color: var(--text); line-height: 2; text-align: center; }
-  .flow-diagram .arrow { color: var(--cyan); }
-  .flow-diagram .block { color: var(--green); }
-  .flow-diagram .deny { color: var(--red); }
-  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
-  th, td { text-align: left; padding: 0.6rem 0.8rem; border-bottom: 1px solid var(--border); font-size: 0.9rem; }
-  th { color: var(--cyan); font-weight: 600; }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / MCP Pre-Action Checks</div>
-  <h1>MCP Pre-Action Checks Explained</h1>
-  <p style="color:var(--muted);">4 min read &middot; Technical deep-dive for developers building on MCP</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> Pre-action checks intercept tool calls before they execute. Unlike prompt rules, they cannot be ignored. This is how enforcement actually works in MCP.</div>
-
-  <h2>What is a pre-action check?</h2>
-  <p>A pre-action check is an enforcement rule that intercepts an AI agent's tool call <em>before</em> it executes. If the tool call matches a known-bad pattern, the check blocks it and returns a rejection to the agent. The agent then adapts its approach without ever having run the dangerous action.</p>
-  <p>Checks run at the hook layer of the Model Context Protocol (MCP). They are external to the agent's reasoning chain, which means they cannot be overridden by prompt injection, context overflow, or chain-of-thought reasoning.</p>
-
-  <h2>How it works: the tool call lifecycle</h2>
-  <div class="flow-diagram">
-    <span class="block">Agent decides to call tool</span><br>
-    <span class="arrow">&darr;</span><br>
-    <span class="block">PreToolUse hook fires</span><br>
-    <span class="arrow">&darr;</span><br>
-    <span class="block">ThumbGate checks tool call against checks</span><br>
-    <span class="arrow">&darr;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&darr;</span><br>
-    <span class="block">No match &rarr; ALLOW</span>&nbsp;&nbsp;&nbsp;&nbsp;<span class="deny">Match &rarr; BLOCK + reason</span><br>
-    <span class="arrow">&darr;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&darr;</span><br>
-    <span class="block">Tool executes</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="deny">Agent receives rejection</span>
-  </div>
-
-  <h2>Prompt rules vs. pre-action checks</h2>
-  <table>
-    <thead>
-      <tr><th>Property</th><th>Prompt Rules</th><th>Pre-Action Checks</th></tr>
-    </thead>
-    <tbody>
-      <tr><td>Where they live</td><td>Inside agent context</td><td>External hook layer</td></tr>
-      <tr><td>Can be overridden</td><td>Yes (context overflow, reasoning)</td><td>No (runs outside agent)</td></tr>
-      <tr><td>Enforcement</td><td>Advisory</td><td>Physical block</td></tr>
-      <tr><td>Persistence</td><td>Per-session (context-dependent)</td><td>Permanent (database-backed)</td></tr>
-      <tr><td>Adapts over time</td><td>No</td><td>Yes (Thompson Sampling)</td></tr>
-      <tr><td>Explains why</td><td>No</td><td>Yes (reason chain per block)</td></tr>
-    </tbody>
-  </table>
-
-  <h2>The three layers of a check</h2>
-
-  <h3>1. Pattern matcher</h3>
-  <p>Checks match against the tool name and its arguments. For a <code>Bash</code> tool call, the pattern might match <code>git push --force</code> targeting <code>main</code>. For a <code>Write</code> tool call, it might match writes to <code>.env</code> or <code>production.config</code>.</p>
-  <pre><code>{
-  "tool": "Bash",
-  "pattern": "git push.*(--force|-f).*main",
-  "action": "BLOCK"
-}</code></pre>
-
-  <h3>2. Evidence and reasoning</h3>
-  <p>Every check decision includes a reasoning chain: why this pattern exists, how many times it has fired, what the original failure was. This transparency lets you audit the system and tune it.</p>
-  <pre><code>{
-  "check": "no-force-push-main",
-  "decision": "BLOCK",
-  "reason": "Force-push to main blocked",
-  "evidence": "User reported loss of 14 commits (2026-03-15)",
-  "fire_count": 7,
-  "confidence": 0.94
-}</code></pre>
-
-  <h3>3. Thompson Sampling adaptation</h3>
-  <p>Not all patterns deserve the same enforcement level. Thompson Sampling uses a beta distribution to model each check's risk profile. High-risk patterns (many failures, few successes) get strict enforcement. Low-risk patterns (rarely triggered, occasionally overridden) stay relaxed.</p>
-
-  <div class="callout">
-    <strong>Why Thompson Sampling?</strong> It balances exploration vs. exploitation. New checks start with wide confidence intervals and tighten as evidence accumulates. This prevents over-blocking on sparse data while ensuring genuinely dangerous patterns get strict enforcement fast.
-  </div>
-
-  <h2>How checks are created</h2>
-  <ol>
-    <li><strong>Feedback capture:</strong> Developer gives thumbs-down with context about what went wrong</li>
-    <li><strong>Lesson storage:</strong> Feedback is stored in SQLite with FTS5 indexing for fast retrieval</li>
-    <li><strong>Corrective inference:</strong> ThumbGate matches the failure against similar past failures and infers what should be prevented</li>
-    <li><strong>Rule promotion:</strong> After configurable repeated failures, the lesson promotes to a prevention rule</li>
-    <li><strong>Check activation:</strong> The prevention rule becomes an active check in the PreToolUse hook</li>
-  </ol>
-
-  <h2>Supported agents</h2>
-  <p>Pre-action checks work with any agent that supports MCP hooks:</p>
-  <ul>
-    <li><strong>Claude Code</strong> &mdash; PreToolUse hooks in <code>.claude/settings.json</code></li>
-    <li><strong>Cursor</strong> &mdash; MCP server configuration in <code>.cursor/mcp.json</code></li>
-    <li><strong>Codex</strong> &mdash; MCP tool interception via server config</li>
-    <li><strong>Gemini CLI</strong> &mdash; MCP server hooks</li>
-    <li><strong>Amp, OpenCode</strong> &mdash; any MCP-compatible agent</li>
-  </ul>
-  <p>Run <code>npx thumbgate init</code> to auto-detect your agent and configure the correct hook format.</p>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Build your first check</h2>
-    <p>Install, give your first thumbs-down, and watch the check auto-generate.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related guides</h3>
-    <a href="/learn/stop-ai-agent-force-push">How to Stop AI Agents From Force-Pushing to Main &rarr;</a>
-    <a href="/learn/vibe-coding-safety-net">The Vibe Coding Safety Net You Are Missing &rarr;</a>
-    <a href="/guide">Full Setup Guide &rarr;</a>
-  </div>
-</div>
-
-
-  <div class="sticky-cta">
-    <span style="color:var(--muted)">Try it now:</span>
-    <code>npx thumbgate init</code>
-    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-  </div>
-</body>
-</html>

package/public/learn/pretix-stripe-connect-marketplaces.html

@@ -1,161 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Building a Pretix + Stripe Connect Plugin for Live-Music Venues — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="How to design a multi-venue Stripe Connect ticketing plugin on Pretix, keeping venues as Merchant of Record without messy platform-fee tax reporting.">
-<meta name="keywords" content="Pretix, Stripe Connect, Direct Charges, Application Fees, Multi-Venue Ticketing, SetupIntent, PaymentIntent, Webhook Idempotency, Merchant of Record">
-<meta property="og:title" content="Building a Pretix + Stripe Connect Plugin for Live-Music Venues">
-<meta property="og:description" content="How to design a multi-venue Stripe Connect ticketing plugin on Pretix, keeping venues as Merchant of Record without messy platform-fee tax reporting.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/pretix-stripe-connect-marketplaces">
-<meta property="og:image" content="https://thumbgate.ai/og.png">
-<meta name="twitter:card" content="summary_large_image">
-<link rel="canonical" href="https://thumbgate.ai/learn/pretix-stripe-connect-marketplaces">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "Building a Pretix + Stripe Connect Plugin for Live-Music Venues",
-  "description": "How to design a multi-venue Stripe Connect ticketing plugin on Pretix, keeping venues as Merchant of Record without messy platform-fee tax reporting.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-06-05",
-  "dateModified": "2026-06-05",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/pretix-stripe-connect-marketplaces",
-  "about": [
-    {"@type": "Thing", "name": "Stripe Connect Direct Charges"},
-    {"@type": "Thing", "name": "Pretix plugin architecture"},
-    {"@type": "Thing", "name": "marketplace accounting"}
-  ]
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .stats { display: grid; grid-template-columns: repeat(auto-fit, minmax(140px, 1fr)); gap: 0.8rem; margin: 1.5rem 0; }
-  .stat { background: rgba(255,255,255,0.03); border: 1px solid var(--border); border-radius: 8px; padding: 0.8rem; }
-  .stat-num { font-family: ui-monospace, monospace; color: var(--green); font-size: 1.4rem; font-weight: 600; }
-  .stat-label { color: var(--muted); font-size: 0.8rem; margin-top: 0.2rem; }
-  .decision { border-left: 3px solid var(--cyan); padding: 0.6rem 0.9rem; margin: 1.5rem 0; background: rgba(0,212,170,0.04); }
-  .takeaway { border-left: 3px solid #f59e0b; padding: 0.6rem 0.9rem; margin: 1.5rem 0; background: rgba(245,158,11,0.06); }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<main>
-
-<h1>Building a Pretix + Stripe Connect Plugin for Live-Music Venues</h1>
-<p class="meta">Igor Ganapolsky · June 5, 2026 · 5 min read</p>
-
-<p><em>Facts verified against Upwork contract history + commit log. No metric stated below was invented; if it isn't measured, it isn't here.</em></p>
-
-<h2>The Brief</h2>
-
-<p>A regional live-music operator (Hilltown Media Group) needed to ship venue-branded online ticketing on top of <a href="https://pretix.eu/">Pretix</a> — a self-hosted, open-source event ticketing platform — with a multi-venue Stripe Connect topology where each venue stays Merchant of Record (MoR) for tax purposes. They came in with a clear architectural opinion: Direct Charges (or Destination with <code>on_behalf_of</code>), a fixed $1.00 platform fee decoupled from the venue's sales tax, and a Pretix-plugin-shaped extension surface so nothing forks the upstream platform.</p>
-
-<h2>What Was Delivered or Funded (Phase 1 Evidence Gates)</h2>
-
-<p>The Upwork contract has three Phase 1 milestones with separate evidence gates. I am keeping the accounting language strict here:</p>
-
-<ul>
-  <li><strong>M1</strong> — Released and withdrawn: Pretix plugin scaffold (<code>yourstage_core</code>) with the venue-as-MoR Stripe Connect integration, Direct Charges on the connected account, and the $1 platform fee implemented as <code>application_fee_amount</code> so it never lands in the venue's taxable-revenue ledger.</li>
-  <li><strong>M2</strong> — Approved and pending balance conversion: multi-venue onboarding glue, Stripe account connection flow, local tax-rate settings, and buyer-flow proof.</li>
-  <li><strong>M3</strong> — Escrow funded: checkout hardening, Stripe evidence, webhook/refund reconciliation, and production-readiness proof.</li>
-</ul>
-
-<p>The verified cash gate as of June 5, 2026 is M1 withdrawn at $1,350 net, M2 pending at $900 net, and M3 escrow funded at $1,500 gross. Phase 2 ($5,000) covers pre-tab drink tokens, featured-merch upsells at checkout, an automated waitlist with <code>SetupIntent</code> -> off-session <code>PaymentIntent</code> conversion, on-door upsell modals on the Pretix scan API, and Stripe Terminal JS/RN integration for the box office.</p>
-
-<div class="stats">
-  <div class="stat"><div class="stat-num">$1,350</div><div class="stat-label">M1 Net Withdrawn</div></div>
-  <div class="stat"><div class="stat-num">$900</div><div class="stat-label">M2 Net Pending</div></div>
-  <div class="stat"><div class="stat-num">$1,500</div><div class="stat-label">M3 Gross Escrow</div></div>
-  <div class="stat"><div class="stat-num">$5,000</div><div class="stat-label">Phase 2 Budget</div></div>
-</div>
-
-<h2>Three Architectural Decisions Worth Lifting</h2>
-
-<p>These are the choices that took the most thinking and that I'd reuse on the next marketplace platform — listed not because they're novel but because each one quietly avoids a class of bug.</p>
-
-<h3>1. <code>application_fee_amount</code> instead of cart-line platform fee</h3>
-
-<div class="decision">
-  <strong>The Problem:</strong> The naive way to charge a per-ticket platform fee is to add a line item to the cart. That's wrong on a marketplace where each venue is its own MoR — the fee shows up in the venue's taxable revenue, and the venue's accountant has to back it out manually.
-</div>
-
-<p>Using Stripe Connect's <code>application_fee_amount</code> keeps the fee on the <em>platform's</em> Stripe account, off the venue's books, and out of every tax jurisdiction's audit surface. Two-line change. The reason to know about it isn't the code, it's the months of back-office pain it removes.</p>
-
-<h3>2. Native Pretix add-on items, not custom cart math</h3>
-
-<div class="decision">
-  <strong>The Problem:</strong> Phase 2 needs to inject upsells (drink tokens, featured merch) into the buyer flow. The naive way is a parallel cart that re-totals at checkout. That breaks every downstream Pretix invariant: refund math, partial-refund signals, organizer reporting, tax calculation.
-</div>
-
-<p>Modeling the upsells as native Pretix <code>Item</code> add-ons means the existing Phase 1 Stripe Direct Charge math calculates the new totals correctly with zero changes. Same applies for refunds — Pretix's <code>order_canceled</code> / <code>order_refunded</code> signals already know how to attribute partial refunds back to add-on items.</p>
-<p>The general principle: when extending a platform with a plugin model, lean on the platform's native primitives even when they feel verbose. The downstream-invariant cost of going around them is paid forever.</p>
-
-<h3>3. <code>SetupIntent</code> for the waitlist, not stored card-on-file</h3>
-
-<div class="decision">
-  <strong>The Problem:</strong> Phase 2's "never lose a sale" waitlist needs to charge the next buyer when a ticket is returned — possibly hours or days after they joined the waitlist. The naive way is to store a <code>PaymentMethod</code> against the user record.
-</div>
-
-<p>The right way is <code>SetupIntent</code> &rarr; vault <code>setup_intent_id</code> only (not the PaymentMethod, not last4) &rarr; convert to off-session <code>PaymentIntent</code> when a seat frees. PCI scope stays SAQ-A. And the off-session path forces you to handle <code>authentication_required</code> declines (5-15% expected on EU/UK SCA + US 3DS2) with a skip-and-notify fallback — which means the waitlist actually keeps moving instead of stalling on one issuer step-up.</p>
-
-<h2>What I'd tell the next freelance dev shipping a Pretix-plus-Stripe-Connect project</h2>
-
-<div class="takeaway">
-  <strong>Pretix Primitives:</strong> Read the Pretix <code>signals.py</code> source before you write your own. Half the work is already there.
-</div>
-
-<div class="takeaway">
-  <strong>Webhook Idempotency:</strong> Webhook reconciliation isn't optional. Build the <code>StripeWebhookEvent</code> table (event-id PK for idempotency) on day one. It's the dashboard you'll want at 11pm when a venue's first show is selling.
-</div>
-
-<div class="takeaway">
-  <strong>Stripe Terminal Connect:</strong> Stripe Terminal on Connect is a multi-week integration, not a multi-day one. Reader Location registration alone is its own onboarding flow.
-</div>
-
-<h2>What's Next</h2>
-
-<p>Phase 2 ($5K, milestone-scoped — upsells, automated waitlist, box office POS, and webhook reconciliation), then Phase 3 (gamification + SMS marketing) and Phase 4 (self-serve onboarding + PWA scanner).</p>
-
-<div class="decision" style="margin-top:2rem;">
-  <strong>Building a Pretix or Stripe Connect marketplace?</strong>
-  <p style="margin:0.6rem 0 1rem 0;">Book a <strong>$499 architecture diagnostic</strong> — 90-minute review of your Connect topology (Direct Charges vs Destination, MoR placement, <code>application_fee_amount</code> vs cart-line, SetupIntent → off-session conversion, webhook idempotency). You leave with a one-page architecture decision record and a punch list of the 3-5 bugs you'd ship without it.</p>
-  <p style="margin:0;">
-    <a href="https://buy.stripe.com/00w14neyUcXA5pL5e33sI0e" style="background:var(--cyan);color:#06121a;padding:10px 18px;border-radius:6px;font-weight:700;text-decoration:none;display:inline-block;">Book $499 diagnostic →</a>
-    &nbsp;&nbsp;
-    <a href="https://buy.stripe.com/fZu9AT76saPsg4pbCr3sI0f" style="color:var(--cyan);font-weight:600;">or a full $1,500 integration sprint →</a>
-  </p>
-</div>
-
-<p class="meta">— Igor</p>
-
-<hr>
-
-<p class="meta">More build logs: <a href="/learn/from-prototype-to-production">From git init to production</a> · <a href="/learn/agent-harness-pattern">The agent harness pattern</a> · <a href="/learn/mcp-pre-action-checks-explained">MCP pre-action checks explained</a></p>
-
-</main>
-
-</body>
-</html>