thumbgate 1.27.15 → 1.27.16

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "One 👎 becomes a hard rule the agent cannot bypass. Captures thumbs-down feedback, distills it into PreToolUse Pre-Action Checks, enforced across every future Claude Code session.",
-  "version": "1.27.8",
+  "version": "1.27.16",
   "author": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com",

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.27.8",
+  "version": "1.27.16",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate.ai",
   "transport": "stdio",

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.27.8", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.27.16", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.27.8", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.27.16", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -231,7 +231,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.27.8' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.27.16' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.27.8",
+        "thumbgate@1.27.16",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -33,7 +33,7 @@ const os = require('os');
 const path = require('path');
 const crypto = require('crypto');
 const http = require('http');
-const { execSync, execFileSync, execFile, spawn } = require('child_process');
+const { execSync, execFileSync, execFile, spawn, spawnSync } = require('child_process');
 const {
   codexAutoUpdateCliEntry,
   codexAutoUpdateMcpEntry,
@@ -1328,7 +1328,45 @@ function feedbackSelfTest() {
     const memoryId = result.memoryRecord && result.memoryRecord.id;
     const feedbackStored = Boolean(feedbackId && feedbackRows.some((row) => row.id === feedbackId));
     const memoryStored = Boolean(memoryId && memoryRows.some((row) => row.id === memoryId));
-    const ok = Boolean(result.accepted && feedbackStored && memoryStored);
+
+    let hookProbe = null;
+    if (args.hook) {
+      const hookPrompt = args['hook-prompt'] || (
+        normalized === 'down'
+          ? `thumbs down ${context}`
+          : `thumbs up ${context}`
+      );
+      const hookResult = spawnSync(process.execPath, [__filename, 'hook-auto-capture'], {
+        encoding: 'utf8',
+        timeout: 10000,
+        env: {
+          ...process.env,
+          THUMBGATE_FEEDBACK_DIR: paths.FEEDBACK_DIR,
+          THUMBGATE_NO_NUDGE: '1',
+          CLAUDE_USER_PROMPT: hookPrompt,
+        },
+      });
+      const hookFeedbackRows = readJsonlEntries(paths.FEEDBACK_LOG_PATH);
+      const hookMemoryRows = readJsonlEntries(paths.MEMORY_LOG_PATH);
+      const hookLatestFeedback = hookFeedbackRows[hookFeedbackRows.length - 1] || null;
+      const hookLatestMemory = hookMemoryRows[hookMemoryRows.length - 1] || null;
+      hookProbe = {
+        ok: hookResult.status === 0
+          && Boolean(hookLatestFeedback)
+          && hookLatestFeedback.submittedContext === hookPrompt
+          && hookLatestFeedback.actionType !== 'no-action'
+          && Boolean(hookLatestMemory),
+        prompt: hookPrompt,
+        exitCode: hookResult.status,
+        feedbackId: hookLatestFeedback ? hookLatestFeedback.id : null,
+        memoryId: hookLatestMemory ? hookLatestMemory.id : null,
+        actionType: hookLatestFeedback ? hookLatestFeedback.actionType : null,
+        stdoutPreview: String(hookResult.stdout || '').slice(0, 500),
+        stderrPreview: String(hookResult.stderr || '').slice(0, 500),
+      };
+    }
+
+    const ok = Boolean(result.accepted && feedbackStored && memoryStored && (!hookProbe || hookProbe.ok));
 
     const payload = {
       ok,
@@ -1341,6 +1379,7 @@ function feedbackSelfTest() {
       memoryStored,
       isolated,
       feedbackDir: paths.FEEDBACK_DIR,
+      hookProbe,
       nextDogfoodCommand: `npx thumbgate capture --feedback=${normalized} --context=${shellSingleQuote(context)}`,
     };
 
@@ -1353,6 +1392,9 @@ function feedbackSelfTest() {
       console.log(`  Stored lesson: ${memoryId}`);
       console.log(`  Storage      : ${paths.FEEDBACK_DIR}`);
       console.log(`  Mode         : ${isolated ? 'isolated test store' : 'active ThumbGate store'}`);
+      if (hookProbe) {
+        console.log(`  Hook capture : PASS (${hookProbe.feedbackId}, ${hookProbe.memoryId})`);
+      }
       console.log('\nDogfood in chat with:');
       console.log(`  thumbs ${normalized}: ${context}`);
     } else {
@@ -1361,6 +1403,9 @@ function feedbackSelfTest() {
       console.log(`  Accepted       : ${payload.accepted}`);
       console.log(`  Feedback stored: ${feedbackStored}`);
       console.log(`  Memory stored  : ${memoryStored}`);
+      if (hookProbe) {
+        console.log(`  Hook capture   : ${hookProbe.ok ? 'true' : 'false'} (${hookProbe.actionType || 'no-action'})`);
+      }
       console.log(`  Storage        : ${paths.FEEDBACK_DIR}`);
     }
 
@@ -2691,7 +2736,7 @@ function hookAutoCapture() {
     || readStdinText().trim();
   const { evaluatePromptGuard } = require(path.join(PKG_ROOT, 'scripts', 'prompt-guard'));
   const { processInlineFeedback, formatCliOutput } = require(path.join(PKG_ROOT, 'scripts', 'cli-feedback'));
-  const { detectFeedbackSignal } = require(path.join(PKG_ROOT, 'scripts', 'feedback-quality'));
+  const { detectFeedbackSignal, isGenericFeedbackText } = require(path.join(PKG_ROOT, 'scripts', 'feedback-quality'));
   const { loadOptionalModule } = require(path.join(PKG_ROOT, 'scripts', 'private-core-boundary'));
   const { recordConversationEntry, readRecentConversationWindow } = loadOptionalModule(
     path.join(PKG_ROOT, 'scripts', 'feedback-history-distiller'),
@@ -2719,6 +2764,7 @@ function hookAutoCapture() {
   }
 
   const signal = detected.signal;
+  const genericPrompt = isGenericFeedbackText(prompt, signal === 'down' ? 'negative' : 'positive');
   const conversationWindow = readRecentConversationWindow({ limit: 8 });
   const result = processInlineFeedback({
     signal,
@@ -2726,8 +2772,8 @@ function hookAutoCapture() {
     chatHistory: signal === 'down'
       ? conversationWindow.map((entry) => ({ role: entry.author === 'assistant' ? 'assistant' : 'user', content: entry.text || '' }))
       : undefined,
-    whatWentWrong: signal === 'down' ? prompt : undefined,
-    whatWorked: signal === 'up' ? prompt : undefined,
+    whatWentWrong: signal === 'down' && !genericPrompt ? prompt : undefined,
+    whatWorked: signal === 'up' && !genericPrompt ? prompt : undefined,
   });
   process.stdout.write(formatCliOutput(result) + '\n');
 }
@@ -3162,7 +3208,7 @@ const _wantsHelp = _cliSubArgs.includes('--help') || _cliSubArgs.includes('-h');
 const SUBCOMMAND_HELP = {
   capture:       'Usage: npx thumbgate capture --feedback=up|down --context="..." [--what-worked="..."] [--what-went-wrong="..."] [--what-to-change="..."] [--tags=a,b]',
   feedback:      'Usage: npx thumbgate feedback --feedback=up|down --context="..." [--what-worked="..."] [--what-went-wrong="..."] [--what-to-change="..."] [--tags=a,b]',
-  'feedback-self-test': 'Usage: npx thumbgate feedback-self-test [--json] [--persist] [--feedback=up|down]\n\nCapture a synthetic thumbs signal and verify feedback-log + memory-log writes. Defaults to an isolated test store; use --persist to dogfood the active ThumbGate store.',
+  'feedback-self-test': 'Usage: npx thumbgate feedback-self-test [--json] [--persist] [--hook] [--feedback=up|down]\n\nCapture a synthetic thumbs signal and verify feedback-log + memory-log writes. Defaults to an isolated test store; use --hook to also prove UserPromptSubmit-style raw prompt auto-capture.',
   dogfood:       'Usage: npx thumbgate dogfood [--json] [--persist] [--feedback=up|down]\n\nAlias for feedback-self-test.',
   stats:         'Usage: npx thumbgate stats\n\nShow gate enforcement statistics: blocked/warned counts, active gates, time saved.',
   trial:         'Usage: npx thumbgate trial\n\nShow Pro trial status, remaining days, and upgrade path.',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.27.15",
+  "version": "1.27.16",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate.ai",
   "repository": {
@@ -106,6 +106,7 @@
     "scripts/growth-campaigns.js",
     "scripts/harness-selector.js",
     "scripts/hf-papers.js",
+    "scripts/hob-pack.js",
     "scripts/hook-runtime.js",
     "scripts/hook-stop-anti-claim.js",
     "scripts/hook-thumbgate-cache-updater.js",
@@ -146,6 +147,7 @@
     "scripts/natural-language-harness.js",
     "scripts/noop-detect.js",
     "scripts/obsidian-export.js",
+    "scripts/omlx-smoke.js",
     "scripts/operational-integrity.js",
     "scripts/oss-pr-opportunity-scout.js",
     "scripts/otel-declarative-config.js",
@@ -312,12 +314,17 @@
     "stripe:live": "node scripts/stripe-live-status.js",
     "stripe:webhook:audit": "node scripts/rotate-stripe-webhook-secret.js --audit",
     "stripe:webhook:disable-legacy": "node scripts/rotate-stripe-webhook-secret.js --disable-legacy",
+    "omlx:smoke": "node scripts/omlx-smoke.js",
+    "omlx:smoke:chat": "node scripts/omlx-smoke.js --chat",
+    "omlx:smoke:json": "node scripts/omlx-smoke.js --json",
     "zai:smoke": "node scripts/zai-smoke.js",
     "gtm:revenue-loop": "node scripts/autonomous-sales-agent.js",
     "gtm:aiventyx": "node scripts/aiventyx-marketplace-plan.js",
     "gtm:chatgpt": "node scripts/chatgpt-gpt-revenue-pack.js",
     "gtm:codex": "node scripts/codex-marketplace-revenue-pack.js",
     "gtm:linkedin": "node scripts/linkedin-workflow-hardening-pack.js",
+    "gtm:hob-pack": "node scripts/hob-pack.js",
+    "gtm:hob-pack:write": "node scripts/hob-pack.js --write",
     "gtm:okara-automation": "node scripts/okara-money-promo-automation.js",
     "gtm:okara-automation:write": "node scripts/okara-money-promo-automation.js --write",
     "gtm:roo-sunset": "node scripts/roo-sunset-demand-pack.js",
@@ -378,7 +385,7 @@
     "social:prospect:bluesky": "node scripts/social-bluesky-prospecting.js",
     "social:prospect:bluesky:dry": "node scripts/social-bluesky-prospecting.js --dry-run",
     "social:reply-publish:bluesky:dry": "node scripts/social-reply-monitor-bluesky.js --publish-approved --dry-run",
-    "test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:repeat-metric && npm run test:noop-detect && npm run test:action-receipts && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:mcp-tool-annotations && npm run test:mcp-oauth && npm run test:mcp-oauth-flow && npm run test:plan-gate && npm run test:ai-component-inventory && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:statusline-cache-aggregate && npm run test:public-repo-hygiene && npm run test:no-internal-orchestration-leaks && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:lesson-semantic-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:predictive-credible-range && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:pricing-page-telemetry && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:activation-onboarding && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture && npm run test:install-shim && npm run test:hook-runtime-subcommands && npm run test:implementation-notes && npm run test:daily-block-cap && npm run test:free-to-paid-conversion-units && npm run test:metrics-real-endpoint && npm run test:cli-trial-and-help && npm run test:cost-cli && npm run test:silent-failure-cluster && npm run test:proof:truth && node --test tests/adaptive-reliability.test.js && npm run test:mcp-oauth-reviewer && npm run test:dfcx-gate && npm run test:dfcx-gate-server && npm run test:vertex-scorer && npm run test:dashboard-chat && npm run test:gitar-integration && npm run test:secret-redaction && npm run test:discoverable-skills && npm run test:discoverable-skill-skills && npm run test:sync-telemetry && npm run test:leak-scanner && npm run test:team-sync && npm run test:eval-rag && npm run test:async-eval-observability && npm run test:letta-adapter && npm run test:policy-engine-adapter && npm run test:tool-contract-validator && npm run test:check-update && npm run test:hermes-gate && npm run test:memory-provider-enforcement-bridge && npm run test:publisher-credential-guards && npm run test:reddit-browser-notification-watch && npm run test:payment-rails",
+    "test": "npm run test:python && npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:post-everywhere-channels && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:repeat-metric && npm run test:noop-detect && npm run test:action-receipts && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:memory-scope-readiness && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operational-dashboard && npm run test:operator-artifacts && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:mcp-tool-annotations && npm run test:mcp-oauth && npm run test:mcp-oauth-flow && npm run test:plan-gate && npm run test:ai-component-inventory && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:audit-pr-bot-contamination && npm run test:stripe-bootstrap-saas-catalog && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:statusline-cache-aggregate && npm run test:public-repo-hygiene && npm run test:no-internal-orchestration-leaks && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:lesson-semantic-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:predictive-credible-range && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:lesson-canonical && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-archived-product-guard && npm run test:postgres-guard && npm run test:checkout-bot-guard && npm run test:checkout-pro-confirmation-gate && npm run test:pricing-page-telemetry && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:telemetry-tracked-link-slug && npm run test:prompt-eval && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:numbers-page && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:competitive-positioning-marketing && npm run test:medium-weekly && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:agent-reasoning-traces && npm run test:judge-reward && npm run test:llm-behavior-monitor && npm run test:prompting-os && npm run test:single-use-credential-gate && npm run test:structured-prompt-driven && npm run test:require-evidence-gate && npm run test:rule-validator && npm run test:bluesky-atproto && npm run test:social-reply-monitor-bluesky && npm run test:bluesky-delete-replies && npm run test:architect-kit-memory-bridge && npm run test:sonar-review-hotspots && npm run test:actionable-remediations && npm run test:gemini-embedding-policy && npm run test:agent-design-governance && npm run test:public-core-boundary && npm run test:hook-stop-verify-deploy && npm run test:hook-stop-anti-claim && npm run test:plausible-server-events && npm run test:activation-tracker && npm run test:activation-onboarding && npm run test:unified-revenue-rollup && npm run test:conversion-rate-stats && npm run test:external-customer-audit && npm run test:telemetry-export && npm run test:stripe-checkout-diagnostic && npm run test:stripe-business-identity-probe && npm run test:revenue-observability-doctor && npm run test:public-bundle-ratchet && npm run test:stripe-payment-link-update && npm run test:ci-cd-hygiene-audit && npm run test:verify-marketing-pages-deployed && npm run test:install-email-capture && npm run test:install-shim && npm run test:hook-runtime-subcommands && npm run test:implementation-notes && npm run test:daily-block-cap && npm run test:free-to-paid-conversion-units && npm run test:metrics-real-endpoint && npm run test:cli-trial-and-help && npm run test:cost-cli && npm run test:silent-failure-cluster && npm run test:proof:truth && node --test tests/adaptive-reliability.test.js && npm run test:mcp-oauth-reviewer && npm run test:dfcx-gate && npm run test:dfcx-gate-server && npm run test:vertex-scorer && npm run test:dashboard-chat && npm run test:gitar-integration && npm run test:secret-redaction && npm run test:discoverable-skills && npm run test:discoverable-skill-skills && npm run test:sync-telemetry && npm run test:leak-scanner && npm run test:team-sync && npm run test:eval-rag && npm run test:async-eval-observability && npm run test:letta-adapter && npm run test:policy-engine-adapter && npm run test:tool-contract-validator && npm run test:check-update && npm run test:hermes-gate && npm run test:memory-provider-enforcement-bridge && npm run test:publisher-credential-guards && npm run test:reddit-browser-notification-watch && npm run test:payment-rails && npm run test:cursor-marketplace-doctor && npm run test:okara-money-promo-automation",
     "test:python": "python3 -m pytest tests/*.py",
     "test:check-update": "node --test tests/check-update.test.js",
     "test:hook-stop-verify-deploy": "node --test tests/hook-stop-verify-deploy.test.js",
@@ -653,6 +660,7 @@
     "test:ai-search-visibility": "node --test tests/ai-search-visibility.test.js",
     "test:security-scanner": "node --test tests/security-scanner.test.js",
     "test:llm-client": "node --test tests/llm-client.test.js",
+    "test:omlx-smoke": "node --test tests/omlx-smoke.test.js",
     "test:model-candidates": "node --test tests/model-candidates.test.js",
     "test:managed-lesson-agent": "node --test tests/managed-lesson-agent.test.js",
     "agent:run": "node scripts/managed-lesson-agent.js",
@@ -689,12 +697,13 @@
     "test:gate-coherence": "node --test tests/gate-coherence.test.js",
     "test:gate-eval": "node --test tests/gate-eval.test.js",
     "gate-eval:ci": "node scripts/gate-eval.js run",
+    "test:hob-pack": "node --test tests/hob-pack.test.js",
     "test:ai-engineering-stack-guardrails": "node --test tests/ai-engineering-stack-guardrails.test.js",
     "test:ai-component-inventory": "node --test tests/ai-component-inventory.test.js",
     "test:interaction-model": "node --test tests/interaction-model.test.js tests/interaction-model-e2e.test.js",
     "aws-blocks:guardrails": "node scripts/aws-blocks-guardrails.js",
     "test:aws-blocks-guardrails": "node --test tests/aws-blocks-guardrails.test.js",
-    "test:high-roi": "node --test tests/high-roi.test.js tests/model-candidates.test.js tests/autonomous-workflow.test.js tests/high-roi-agent-workflows.test.js tests/interaction-model.test.js tests/interaction-model-e2e.test.js tests/code-graph-guardrails.test.js tests/proxy-pointer-rag-guardrails.test.js tests/rag-precision-guardrails.test.js tests/ai-engineering-stack-guardrails.test.js tests/long-running-agent-context-guardrails.test.js tests/reasoning-efficiency-guardrails.test.js tests/deepseek-v4-runtime-guardrails.test.js tests/upstream-contribution-engine.test.js tests/proactive-agent-eval-guardrails.test.js tests/reward-hacking-guardrails.test.js tests/chatgpt-ads-readiness-pack.test.js tests/oss-pr-opportunity-scout.test.js tests/agent-design-governance.test.js tests/gemini-embedding-policy.test.js tests/openclaw-agent-governance-kit.test.js tests/agent-operations-planner.test.js tests/aws-blocks-guardrails.test.js",
+    "test:high-roi": "node --test tests/high-roi.test.js tests/model-candidates.test.js tests/autonomous-workflow.test.js tests/high-roi-agent-workflows.test.js tests/interaction-model.test.js tests/interaction-model-e2e.test.js tests/code-graph-guardrails.test.js tests/proxy-pointer-rag-guardrails.test.js tests/rag-precision-guardrails.test.js tests/ai-engineering-stack-guardrails.test.js tests/long-running-agent-context-guardrails.test.js tests/reasoning-efficiency-guardrails.test.js tests/deepseek-v4-runtime-guardrails.test.js tests/upstream-contribution-engine.test.js tests/proactive-agent-eval-guardrails.test.js tests/reward-hacking-guardrails.test.js tests/chatgpt-ads-readiness-pack.test.js tests/oss-pr-opportunity-scout.test.js tests/agent-design-governance.test.js tests/gemini-embedding-policy.test.js tests/openclaw-agent-governance-kit.test.js tests/agent-operations-planner.test.js tests/aws-blocks-guardrails.test.js tests/hob-pack.test.js",
     "test:public-static-assets": "node --test tests/public-static-assets.test.js",
     "test:token-savings": "node --test tests/token-savings.test.js",
     "test:cost-cli": "node --test tests/cost-cli.test.js tests/conversion-receipt.test.js",

package/public/index.html

@@ -20,7 +20,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:image" content="https://thumbgate.ai/og.png">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://thumbgate.ai/og.png">
-<meta name="thumbgate-version" content="1.27.8">
+<meta name="thumbgate-version" content="1.27.16">
 <meta name="keywords" content="ThumbGate, thumbgate, AI agent orchestration, AI experience orchestration, agentic development cycle, AC/DC framework, Guide Generate Verify Solve, agent enforcement layer, save LLM tokens, reduce Claude API cost, reduce OpenAI cost, AI agent token savings, prevent LLM retries, prevent hallucination retries, stop AI token waste, pre-action checks, agent governance, Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, workflow hardening, context engineering, AI authenticity, brand authenticity AI">
 <link rel="canonical" href="__APP_ORIGIN__/">
 <link rel="alternate" type="text/markdown" title="ThumbGate LLM context" href="__APP_ORIGIN__/llm-context.md">
@@ -1815,7 +1815,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.27.8</span>
+    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.27.16</span>
   </div>
 </footer>
 

package/public/numbers.html

@@ -25,7 +25,7 @@
   "alternateName": "thumbgate",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
-  "softwareVersion": "1.27.8",
+  "softwareVersion": "1.27.16",
   "url": "https://thumbgate.ai/numbers",
   "dateModified": "2026-05-07",
   "creator": {
@@ -202,7 +202,7 @@
 <main class="container">
   <h1>The Numbers</h1>
   <p class="subtitle">Generated first-party operational snapshot from the ThumbGate runtime. This is not customer traction, install volume, revenue, or proof that a configured gate has fired.</p>
-  <div class="freshness">Updated: 2026-05-07 · Version 1.27.8</div>
+  <div class="freshness">Updated: 2026-05-07 · Version 1.27.16</div>
   <div class="truth-note"><strong>Read this first:</strong> configured checks are inventory. Recorded blocks and warnings are usage evidence. This snapshot currently reports 0 recorded hard-block event(s) and 0 recorded warning event(s).</div>
 
   <h2>Gate enforcement</h2>

package/scripts/cli-feedback.js

@@ -14,6 +14,7 @@
  */
 
 const { captureFeedback } = require('./feedback-loop');
+const { isGenericFeedbackText, normalizeFeedbackSignal } = require('./feedback-quality');
 const { loadOptionalModule } = require('./private-core-boundary');
 // `history-distiller` is a PRIVATE_CORE_MODULE — present in this checkout and
 // in ThumbGate-Core, but intentionally excluded from the public npm tarball.
@@ -47,15 +48,21 @@ const RST = '\x1b[0m';
  */
 function processInlineFeedback({ signal, context, chatHistory, whatWentWrong, whatWorked } = {}) {
   const isDown = signal === 'down' || signal === 'negative';
+  const normalizedQualitySignal = normalizeFeedbackSignal(isDown ? 'down' : 'up');
+  const providedContext = String(context || '').trim();
+  const genericContext = isGenericFeedbackText(providedContext, normalizedQualitySignal);
+  const effectiveWhatWentWrong = whatWentWrong || (isDown && providedContext && !genericContext ? providedContext : undefined);
+  const effectiveWhatWorked = whatWorked || (!isDown && providedContext && !genericContext ? providedContext : undefined);
 
   // 1. Capture the feedback
   let feedbackResult;
   try {
     feedbackResult = captureFeedback({
       signal: isDown ? 'down' : 'up',
-      context: context || (isDown ? 'Thumbs down from CLI' : 'Thumbs up from CLI'),
-      whatWentWrong: whatWentWrong || undefined,
-      whatWorked: whatWorked || undefined,
+      context: providedContext,
+      chatHistory,
+      whatWentWrong: effectiveWhatWentWrong,
+      whatWorked: effectiveWhatWorked,
     });
   } catch (err) {
     feedbackResult = { accepted: false, reason: err.message };
@@ -97,7 +104,10 @@ function formatCliOutput(result) {
       process.stderr.write(`✅ Feedback captured (${feedbackId}${memoryId ? `, ${memoryId}` : ''})\n`);
     }
   } else {
-    lines.push(`${R}Feedback not accepted: ${(result.feedbackResult && result.feedbackResult.reason) || 'unknown'}${RST}`);
+    const clarification = result.feedbackResult && result.feedbackResult.needsClarification
+      ? ` ${result.feedbackResult.prompt || result.feedbackResult.message || ''}`.trimEnd()
+      : '';
+    lines.push(`${R}Feedback not accepted: ${(result.feedbackResult && result.feedbackResult.reason) || 'unknown'}${clarification ? ` — ${clarification}` : ''}${RST}`);
   }
 
   // Distilled lesson (if thumbs down)