thumbgate 1.3.0 → 1.4.0

package/.claude-plugin/marketplace.json

@@ -1,23 +1,42 @@
 {
-  "name": "thumbgate",
-  "version": "1.3.0",
+  "name": "thumbgate-marketplace",
+  "version": "1.4.0",
+  "owner": {
+    "name": "Igor Ganapolsky",
+    "email": "ig5973700@gmail.com"
+  },
   "plugins": [
     {
       "name": "thumbgate",
       "description": "Pre-action gates that block AI coding agents from repeating known mistakes. Captures feedback, auto-promotes failures into prevention rules, and enforces them via PreToolUse hooks.",
-      "type": "mcp",
       "source": {
-        "type": "npm",
-        "package": "thumbgate",
-        "command": "npx",
-        "args": [
-          "--yes",
-          "--package",
-          "thumbgate",
-          "thumbgate",
-          "serve"
-        ]
+        "source": "npm",
+        "package": "thumbgate"
       },
+      "version": "1.3.0",
+      "author": {
+        "name": "Igor Ganapolsky"
+      },
+      "homepage": "https://thumbgate-production.up.railway.app",
+      "repository": "https://github.com/IgorGanapolsky/ThumbGate",
+      "license": "MIT",
+      "category": "developer-tools",
+      "tags": [
+        "pre-action-gates",
+        "ai-agent-safety",
+        "mcp",
+        "memory",
+        "workflow-hardening"
+      ],
+      "keywords": [
+        "claude-desktop",
+        "desktop-extension",
+        "pre-action-gates",
+        "ai-agent-safety",
+        "mcp",
+        "memory",
+        "workflow-hardening"
+      ],
       "metadata": {
         "author": "Igor Ganapolsky",
         "homepage": "https://thumbgate-production.up.railway.app",

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "Pre-action gates that block AI coding agents from repeating known mistakes. Captures feedback, auto-promotes failures into prevention rules, and enforces them via PreToolUse hooks.",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "author": {
     "name": "Igor Ganapolsky"
   },
@@ -17,5 +17,18 @@
     "memory",
     "guardrails",
     "workflow-hardening"
-  ]
+  ],
+  "skills": "skills",
+  "mcpServers": {
+    "thumbgate": {
+      "command": "npx",
+      "args": [
+        "--yes",
+        "--package",
+        "thumbgate",
+        "thumbgate",
+        "serve"
+      ]
+    }
+  }
 }

package/.well-known/llms.txt

@@ -0,0 +1,60 @@
+# ThumbGate — Pre-action gates for AI coding agents
+# https://thumbgate-production.up.railway.app
+# https://github.com/IgorGanapolsky/ThumbGate
+# https://www.npmjs.com/package/thumbgate
+
+> ThumbGate makes AI coding agents self-improving. Every mistake becomes
+> a prevention rule that physically blocks the agent from repeating it.
+> Feedback-driven enforcement via PreToolUse hooks.
+
+## What ThumbGate solves
+
+- AI coding agents repeat the same mistakes across sessions
+- CLAUDE.md and .cursorrules files are suggestions agents can ignore
+- No memory between sessions means no learning from corrections
+- Teams have no shared safety rules across developers
+
+## How it works
+
+1. Agent makes a mistake → developer gives thumbs-down
+2. ThumbGate captures context and infers a structured lesson
+3. Recurring failures get promoted to enforcement gates
+4. PreToolUse hooks block the pattern before it executes again
+5. Thompson Sampling adapts gate confidence over time
+
+## Who it's for
+
+- Developers using Claude Code, Cursor, Codex, Gemini CLI, or any MCP-compatible agent
+- Engineering teams that need shared agent safety rules
+- Anyone tired of re-correcting their AI coding assistant
+
+## Install
+
+```
+npx thumbgate init --agent claude-code
+```
+
+## Pricing
+
+- Free: 3 feedback captures/day, 5 lesson searches/day, 5 built-in gates
+- Pro: $19/mo or $149/yr — unlimited everything, auto-gate promotion, multi-repo sync
+- Founding Member: $49 one-time, Pro forever
+
+## Links
+
+- Documentation: https://thumbgate-production.up.railway.app/guide
+- Dashboard: https://thumbgate-production.up.railway.app/dashboard
+- GitHub: https://github.com/IgorGanapolsky/ThumbGate
+- npm: https://www.npmjs.com/package/thumbgate
+- Full LLM context: https://thumbgate-production.up.railway.app/public/llm-context.md
+
+## Compared to alternatives
+
+- vs CLAUDE.md: ThumbGate enforces rules via hooks, not suggestions in prompts
+- vs Mem0: ThumbGate is enforcement-first, not just memory storage
+- vs SpecLock: ThumbGate uses adaptive Thompson Sampling, not static rules
+- vs manual .cursorrules: ThumbGate auto-generates rules from feedback
+
+## Technical stack
+
+Node.js >=18.18, SQLite+FTS5 lesson DB, Thompson Sampling, LanceDB vectors, MCP protocol, PreToolUse hooks

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://github.com/IgorGanapolsky/thumbgate",
   "transport": "stdio",

package/README.md

@@ -1,16 +1,18 @@
 # ThumbGate
 
-Make your AI coding agent self-improving. ThumbGate turns thumbs-up and thumbs-down into a learned control plane for autonomous development: pre-action gates, a trained intervention policy, workflow governance, and isolated execution guidance for high-risk runs.
+Make your AI coding agent self-improving — and authentically yours. ThumbGate turns thumbs-up and thumbs-down into a learned control plane for autonomous development: pre-action gates, a trained intervention policy, workflow governance, and isolated execution guidance for high-risk runs. Every gate enforces your team's actual standards, not generic AI patterns.
 
 [![CI](https://github.com/IgorGanapolsky/ThumbGate/actions/workflows/ci.yml/badge.svg)](https://github.com/IgorGanapolsky/ThumbGate/actions/workflows/ci.yml)
 [![npm](https://img.shields.io/npm/v/thumbgate)](https://www.npmjs.com/package/thumbgate)
 [![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)
 [![Start Sprint](https://img.shields.io/badge/Workflow%20Hardening%20Sprint-Start%20Intake%20→-16a34a?style=for-the-badge)](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=badge_cta#workflow-sprint-intake)
 
-**[Workflow Hardening Sprint](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=top_cta#workflow-sprint-intake)** · **[Pro Page](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page)** · **[Live Dashboard](https://thumbgate-production.up.railway.app/dashboard?utm_source=github&utm_medium=readme&utm_campaign=top_cta)** · **[Setup Guide](https://thumbgate-production.up.railway.app/guide?utm_source=github&utm_medium=readme&utm_campaign=top_cta)**
+**[Workflow Hardening Sprint](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=top_cta#workflow-sprint-intake)** · **[Live Dashboard](https://thumbgate-production.up.railway.app/dashboard?utm_source=github&utm_medium=readme&utm_campaign=top_cta)** · **[Setup Guide](https://thumbgate-production.up.railway.app/guide?utm_source=github&utm_medium=readme&utm_campaign=top_cta)** · **[Install Codex Plugin](https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip)** · **[Pro Page](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page)**
 
 **Popular buyer questions:** **[How to stop repeated AI agent mistakes](https://thumbgate-production.up.railway.app/guides/stop-repeated-ai-agent-mistakes?utm_source=github&utm_medium=readme&utm_campaign=buyer_questions)** · **[Cursor guardrails](https://thumbgate-production.up.railway.app/guides/cursor-agent-guardrails?utm_source=github&utm_medium=readme&utm_campaign=buyer_questions)** · **[Codex CLI guardrails](https://thumbgate-production.up.railway.app/guides/codex-cli-guardrails?utm_source=github&utm_medium=readme&utm_campaign=buyer_questions)** · **[Gemini CLI memory + enforcement](https://thumbgate-production.up.railway.app/guides/gemini-cli-feedback-memory?utm_source=github&utm_medium=readme&utm_campaign=buyer_questions)**
 
+**Running Codex?** **[Download the standalone Codex plugin bundle](https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip)** · **[Open the Codex install guide](plugins/codex-profile/INSTALL.md)**
+
 ### Get Started
 
 **Best first paid motion for teams:** the **Workflow Hardening Sprint**.
@@ -19,11 +21,16 @@ Make your AI coding agent self-improving. ThumbGate turns thumbs-up and thumbs-d
 
 One workflow. One owner. One proof review. That is the fastest path to a paid team engagement because it qualifies a real blocker before anyone tries to sell a full rollout.
 
-**Self-serve for individual operators:** [ThumbGate Pro](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page) is the paid lane for the personal local dashboard, DPO export, and review-ready evidence.
+**Best first technical motion:** install the local CLI and let `init` wire the hooks and MCP transport for the agent you already use.
+
+**Best first Codex motion:** install the published Codex plugin bundle if you want ThumbGate to show up as a first-class Codex plugin instead of wiring MCP by hand.
+
+- Standalone download: `https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip`
+- Install guide: `plugins/codex-profile/INSTALL.md`
 
-Free stays for individual developers. Pro is **$19/mo or $149/yr** for solo operators. Team pricing anchors at **$12/seat/mo with a 3-seat minimum**, but the public Team path remains intake-first through the sprint. [See pricing →](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=pricing_link#pricing)
+Free stays for individual developers. The commercial path is enterprise-first: Team pricing anchors at **$99/seat/mo with a 3-seat minimum**, and the public paid motion starts with the Workflow Hardening Sprint so one blocker gets qualified before a wider rollout. [See pricing →](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=pricing_link#pricing)
 
-**Paid path for individual operators:** [ThumbGate Pro](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page) is the buyer-ready page for the personal local dashboard, DPO export, and review-ready evidence. It makes the paid upgrade legible before checkout while the self-hosted path below stays optimized for open source evaluation.
+**Paid path for individual operators:** [ThumbGate Pro](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=pro_page) remains the self-serve side lane for the personal local dashboard, DPO export, and review-ready evidence. It is useful when one operator wants proof and debugging help without the team rollout motion.
 
 **Open Source (Self-Hosted):**
 
@@ -39,6 +46,7 @@ ThumbGate is the control plane for AI coding agents:
 - Workflow Sentinel scores blast radius before execution, so risky PR, release, and publish flows are visible early.
 - High-risk local actions can be routed into Docker Sandboxes, while hosted team automations use a signed isolated sandbox lane.
 - Team rollout stays tied to [Verification Evidence](docs/VERIFICATION_EVIDENCE.md) instead of trust-me operator claims.
+- AI agent outputs stay grounded in your team's actual standards — not generic patterns — because every gate enforces human judgment before the action executes.
 
 ## Release Confidence
 
@@ -92,6 +100,32 @@ Session 3:                           Session 3+:
    │                        │                            │
 ```
 
+## Use Cases
+
+- **Stop AI agent force-push to main** — Prevent lost commits with a pre-action gate that blocks `git push --force` on protected branches
+- **Prevent repeated database migration failures** — Each mistake becomes a searchable lesson that fires before the next migration attempt
+- **Block unauthorized file edits** — Control which files agents can modify with path-based gates
+- **Memory across sessions** — Agent remembers feedback from yesterday's mistakes without any manual rule-writing
+- **Shared team safety** — One developer's thumbs-down protects the whole team from the same mistake
+- **Auto-improving without human feedback** — Self-distillation mode evaluates agent outcomes and generates lessons automatically
+
+## FAQ
+
+**Is ThumbGate a model fine-tuning tool?**
+No. ThumbGate doesn't update model weights. It works by capturing feedback into structured lessons, injecting relevant context at runtime, and blocking bad actions via PreToolUse hooks.
+
+**How is this different from CLAUDE.md or .cursorrules?**
+CLAUDE.md files are suggestions that agents can ignore. ThumbGate gates are enforcement — they physically block the action before it executes via PreToolUse hooks. Gates also auto-generate from feedback instead of requiring manual rule-writing.
+
+**Does it work with my agent?**
+Yes. ThumbGate is MCP-compatible and works with Claude Code, Cursor, Codex, Gemini CLI, Amp, OpenCode, and any agent that supports PreToolUse hooks or MCP. Codex now has a standalone plugin bundle at `https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip` in addition to the repo-local profile.
+
+**What's the self-distillation mode?**
+ThumbGate can auto-evaluate agent action outcomes (test failures, reverted edits, error patterns) and generate prevention rules without any human feedback. Your agent gets smarter every session automatically.
+
+**Is it free?**
+Free tier: 3 feedback captures/day, 5 lesson searches/day, 5 built-in gates. Pro is $19/mo or $149/yr for solo operators who need the personal local dashboard and exports. Team rollout starts intake-first at $99/seat/mo with a 3-seat minimum when shared lessons, org visibility, and approval boundaries matter.
+
 ## The Loop
 
 ```
@@ -105,6 +139,8 @@ Session 3:                           Session 3+:
 
 ## Quick Start (Self-Hosted)
 
+ThumbGate is CLI-first. MCP is the compatibility transport, and `npx thumbgate init` wires it for the agent instead of making the transport the product.
+
 ```bash
 npx thumbgate init                                    # auto-detect agent + wire hooks
 npx thumbgate doctor                                  # health check
@@ -116,10 +152,63 @@ Or wire MCP directly: `claude mcp add thumbgate -- npx -y thumbgate serve`
 
 Works with **Claude Code, Cursor, Codex, Gemini, Amp, OpenCode**, and any MCP-compatible agent.
 
-> **Need shared enforcement, auditability, and rollout proof for a team workflow?** [Start with the Workflow Hardening Sprint →](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=quickstart_cta#workflow-sprint-intake)
+Codex standalone plugin bundle: `https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip`
+
+Codex install guide: `plugins/codex-profile/INSTALL.md`
+
+> **Need shared enforcement, auditability, approval boundaries, and rollout proof for a team workflow?** [Start with the Workflow Hardening Sprint →](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=quickstart_cta#workflow-sprint-intake)
 >
 > **Need a personal dashboard and DPO export for yourself?** [See ThumbGate Pro →](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=quickstart_cta_pro)
 
+## Install for Your Agent
+
+### Claude Code
+```bash
+npx thumbgate init --agent claude-code
+```
+Wires PreToolUse hooks automatically. Works immediately.
+
+### Cursor
+```bash
+npx thumbgate init --agent cursor
+```
+Installs as a Cursor extension with 4 skills: capture-feedback, prevention-rules, search-lessons, recall-context.
+
+### Codex
+```bash
+npx thumbgate init --agent codex
+```
+Bridges to Codex CLI with 6 skills including adversarial review and second-pass analysis.
+
+### Gemini CLI
+```bash
+npx thumbgate init --agent gemini
+```
+
+### Amp
+```bash
+npx thumbgate init --agent amp
+```
+
+### Any MCP-Compatible Agent
+```bash
+npx thumbgate serve
+```
+Starts the MCP server on stdio. Connect from any MCP-compatible client.
+
+### Claude Desktop
+Add to your `claude_desktop_config.json`:
+```json
+{
+  "mcpServers": {
+    "thumbgate": {
+      "command": "npx",
+      "args": ["--yes", "thumbgate", "serve"]
+    }
+  }
+}
+```
+
 ## Built-in Gates
 
 ```
@@ -151,28 +240,28 @@ History-aware distillation turns vague negative signals into concrete lessons. I
 
 Free and self-hosted users can invoke `search_lessons` directly through MCP, and via the CLI with `npx thumbgate lessons`.
 
-## Pricing
+## Buying Paths
 
 ```
-┌──────────────┬──────────────────────┬──────────────────────────────┐
-│    FREE      │ PRO $19/mo or $149/yr│   TEAM $12/seat/mo (min 3)   │
-├──────────────┼──────────────────────┼──────────────────────────────┤
-│ Unlimited    │ Unlimited feedback │ Shared hosted lesson DB      │
-│ feedback     │ captures + search  │ Org dashboard                │
-│ captures     │ DPO export         │ Gate template library         │
-│ 3 captures   │ Personal dashboard │ Isolated execution guidance   │
-│ 5 lesson     │                    │                              │
-│ searches/day │                    │                              │
-└──────────────┴────────────────────┴──────────────────────────────┘
+┌──────────────┬──────────────────────────────┬──────────────────────┐
+│    FREE      │   TEAM $99/seat/mo (min 3)   │ PRO $19/mo or $149/yr│
+├──────────────┼──────────────────────────────┼──────────────────────┤
+│ Local CLI    │ Workflow hardening sprint    │ Personal dashboard   │
+│ enforcement  │ Shared hosted lesson DB      │ DPO export           │
+│ 3 captures   │ Org dashboard                │ Review-ready exports │
+│ 5 searches   │ Approval + audit proof       │                      │
+│ Unlimited    │ Isolated execution guidance  │                      │
+│ recall       │                              │                      │
+└──────────────┴──────────────────────────────┴──────────────────────┘
 ```
 
-Free includes 3 daily feedback captures, 5 daily lesson searches, unlimited recall, and gating. History-aware distillation turns vague feedback into concrete lessons, and feedback sessions (`open_feedback_session` → `append_feedback_context` → `finalize_feedback_session`) keep later clarification linked to one record. The current Claude auto-capture path uses up to 8 prior recorded entries for vague thumbs-down signals; the follow-up session stays open for 60 seconds and resets when more context is appended.
+Free is the CLI-first adoption wedge: 3 daily feedback captures, 5 daily lesson searches, unlimited recall, and gating. History-aware distillation turns vague feedback into concrete lessons, and feedback sessions (`open_feedback_session` → `append_feedback_context` → `finalize_feedback_session`) keep later clarification linked to one record. The current Claude auto-capture path uses up to 8 prior recorded entries for vague thumbs-down signals; the follow-up session stays open for 60 seconds and resets when more context is appended.
 
 It does not update model weights in frontier LLMs. ThumbGate improves runtime behavior by training a local sidecar intervention policy from feedback, gate audits, and diagnostics, then using that policy to strengthen recall, verification, and enforcement decisions on future runs.
 
-The fastest commercial path is not a generic self-serve subscription pitch. It is the Workflow Hardening Sprint: qualify one repeated failure in one valuable workflow, prove the control plane on that surface, then expand into Team seats when shared enforcement matters.
+The fastest commercial path is not a generic self-serve subscription pitch. It is the Workflow Hardening Sprint: qualify one repeated failure in one valuable workflow, prove the control plane on that surface, then expand into Team seats when shared enforcement matters. Pro stays available as the side lane for a solo operator who needs a personal dashboard and export-ready evidence, but it is not the headline buying motion.
 
-**[Start Workflow Hardening Sprint](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=team_rollout#workflow-sprint-intake)** | **[Get Pro](https://thumbgate-production.up.railway.app/checkout/pro?utm_source=github&utm_medium=readme&utm_campaign=thumbgate)** | **[Live Dashboard](https://thumbgate-production.up.railway.app/dashboard?utm_source=github&utm_medium=readme&utm_campaign=thumbgate)**
+**[Start Workflow Hardening Sprint](https://thumbgate-production.up.railway.app/?utm_source=github&utm_medium=readme&utm_campaign=team_rollout#workflow-sprint-intake)** | **[Live Dashboard](https://thumbgate-production.up.railway.app/dashboard?utm_source=github&utm_medium=readme&utm_campaign=thumbgate)** | **[See Pro](https://thumbgate-production.up.railway.app/pro?utm_source=github&utm_medium=readme&utm_campaign=thumbgate)**
 
 ## Tech Stack
 

package/adapters/README.md

@@ -3,7 +3,7 @@
 - `chatgpt/openapi.yaml`: import into GPT Actions.
 - `gemini/function-declarations.json`: Gemini function-calling definitions.
 - `mcp/server-stdio.js`: underlying local MCP stdio server implementation.
-- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.3.0 thumbgate serve`.
+- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.4.0 thumbgate serve`.
 - `codex/config.toml`: example Codex MCP profile section using the same version-pinned portable launcher.
 - `amp/skills/thumbgate-feedback/SKILL.md`: Amp skill template.
 - `opencode/opencode.json`: portable OpenCode MCP profile using the same version-pinned portable launcher.

package/adapters/chatgpt/openapi.yaml

@@ -814,6 +814,98 @@ paths:
           description: Invalid dashboard render view or query
         '401':
           description: Unauthorized
+  /v1/decisions/evaluate:
+    post:
+      operationId: evaluateDecision
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required: [toolName]
+              properties:
+                toolName:
+                  type: string
+                command:
+                  type: string
+                filePath:
+                  type: string
+                changedFiles:
+                  type: array
+                  items:
+                    type: string
+                repoPath:
+                  type: string
+                baseBranch:
+                  type: string
+                requirePrForReleaseSensitive:
+                  type: boolean
+                requireVersionNotBehindBase:
+                  type: boolean
+      responses:
+        '200':
+          description: Persisted workflow-sentinel recommendation with decision-control metadata and actionId
+          content:
+            application/json:
+              schema:
+                type: object
+                additionalProperties: true
+        '400':
+          description: Invalid decision evaluation request
+        '401':
+          description: Unauthorized
+  /v1/decisions/outcome:
+    post:
+      operationId: recordDecisionOutcome
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required: [actionId, outcome]
+              properties:
+                actionId:
+                  type: string
+                outcome:
+                  type: string
+                actualDecision:
+                  type: string
+                actor:
+                  type: string
+                notes:
+                  type: string
+                latencyMs:
+                  type: number
+                metadata:
+                  type: object
+                  additionalProperties: true
+      responses:
+        '200':
+          description: Recorded a decision override, rollback, completion, or block outcome
+          content:
+            application/json:
+              schema:
+                type: object
+                additionalProperties: true
+        '400':
+          description: Invalid decision outcome request
+        '401':
+          description: Unauthorized
+  /v1/decisions/metrics:
+    get:
+      operationId: getDecisionMetrics
+      responses:
+        '200':
+          description: Decision-loop metrics derived from recorded evaluations and outcomes
+          content:
+            application/json:
+              schema:
+                type: object
+                additionalProperties: true
+        '401':
+          description: Unauthorized
   /v1/settings/status:
     get:
       operationId: getSettingsStatus
@@ -1115,6 +1207,82 @@ paths:
           description: DPO export accepted as a hosted background job
         '401':
           description: Unauthorized
+  /v1/documents:
+    get:
+      operationId: listImportedDocuments
+      parameters:
+        - in: query
+          name: query
+          schema:
+            type: string
+        - in: query
+          name: q
+          schema:
+            type: string
+        - in: query
+          name: tag
+          schema:
+            type: string
+        - in: query
+          name: limit
+          schema:
+            type: integer
+            default: 20
+      responses:
+        '200':
+          description: Imported policy and runbook documents
+        '401':
+          description: Unauthorized
+  /v1/documents/import:
+    post:
+      operationId: importDocument
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                filePath:
+                  type: string
+                content:
+                  type: string
+                title:
+                  type: string
+                sourceFormat:
+                  type: string
+                  enum: [markdown, text, yaml, json, html]
+                sourceUrl:
+                  type: string
+                tags:
+                  type: array
+                  items:
+                    type: string
+                proposeGates:
+                  type: boolean
+      responses:
+        '201':
+          description: Document imported
+        '400':
+          description: Invalid document import request
+        '401':
+          description: Unauthorized
+  /v1/documents/{documentId}:
+    get:
+      operationId: getImportedDocument
+      parameters:
+        - in: path
+          name: documentId
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Imported document with proposed gates
+        '401':
+          description: Unauthorized
+        '404':
+          description: Imported document not found
   /v1/jobs:
     get:
       operationId: listHostedJobs

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/codex/config.toml

@@ -1,9 +1,9 @@
 # Codex MCP profile (copy into ~/.codex/config.toml or merge section)
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
+args = ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "serve"]
 
 # Hard PreToolUse hook for Codex
 [hooks.pre_tool_use]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "gate-check"]
+args = ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "gate-check"]