thumbgate 1.3.0 → 1.4.1

package/adapters/chatgpt/openapi.yaml

@@ -814,6 +814,98 @@ paths:
           description: Invalid dashboard render view or query
         '401':
           description: Unauthorized
+  /v1/decisions/evaluate:
+    post:
+      operationId: evaluateDecision
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required: [toolName]
+              properties:
+                toolName:
+                  type: string
+                command:
+                  type: string
+                filePath:
+                  type: string
+                changedFiles:
+                  type: array
+                  items:
+                    type: string
+                repoPath:
+                  type: string
+                baseBranch:
+                  type: string
+                requirePrForReleaseSensitive:
+                  type: boolean
+                requireVersionNotBehindBase:
+                  type: boolean
+      responses:
+        '200':
+          description: Persisted workflow-sentinel recommendation with decision-control metadata and actionId
+          content:
+            application/json:
+              schema:
+                type: object
+                additionalProperties: true
+        '400':
+          description: Invalid decision evaluation request
+        '401':
+          description: Unauthorized
+  /v1/decisions/outcome:
+    post:
+      operationId: recordDecisionOutcome
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required: [actionId, outcome]
+              properties:
+                actionId:
+                  type: string
+                outcome:
+                  type: string
+                actualDecision:
+                  type: string
+                actor:
+                  type: string
+                notes:
+                  type: string
+                latencyMs:
+                  type: number
+                metadata:
+                  type: object
+                  additionalProperties: true
+      responses:
+        '200':
+          description: Recorded a decision override, rollback, completion, or block outcome
+          content:
+            application/json:
+              schema:
+                type: object
+                additionalProperties: true
+        '400':
+          description: Invalid decision outcome request
+        '401':
+          description: Unauthorized
+  /v1/decisions/metrics:
+    get:
+      operationId: getDecisionMetrics
+      responses:
+        '200':
+          description: Decision-loop metrics derived from recorded evaluations and outcomes
+          content:
+            application/json:
+              schema:
+                type: object
+                additionalProperties: true
+        '401':
+          description: Unauthorized
   /v1/settings/status:
     get:
       operationId: getSettingsStatus
@@ -1115,6 +1207,82 @@ paths:
           description: DPO export accepted as a hosted background job
         '401':
           description: Unauthorized
+  /v1/documents:
+    get:
+      operationId: listImportedDocuments
+      parameters:
+        - in: query
+          name: query
+          schema:
+            type: string
+        - in: query
+          name: q
+          schema:
+            type: string
+        - in: query
+          name: tag
+          schema:
+            type: string
+        - in: query
+          name: limit
+          schema:
+            type: integer
+            default: 20
+      responses:
+        '200':
+          description: Imported policy and runbook documents
+        '401':
+          description: Unauthorized
+  /v1/documents/import:
+    post:
+      operationId: importDocument
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                filePath:
+                  type: string
+                content:
+                  type: string
+                title:
+                  type: string
+                sourceFormat:
+                  type: string
+                  enum: [markdown, text, yaml, json, html]
+                sourceUrl:
+                  type: string
+                tags:
+                  type: array
+                  items:
+                    type: string
+                proposeGates:
+                  type: boolean
+      responses:
+        '201':
+          description: Document imported
+        '400':
+          description: Invalid document import request
+        '401':
+          description: Unauthorized
+  /v1/documents/{documentId}:
+    get:
+      operationId: getImportedDocument
+      parameters:
+        - in: path
+          name: documentId
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Imported document with proposed gates
+        '401':
+          description: Unauthorized
+        '404':
+          description: Imported document not found
   /v1/jobs:
     get:
       operationId: listHostedJobs

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/codex/config.toml

@@ -1,9 +1,9 @@
 # Codex MCP profile (copy into ~/.codex/config.toml or merge section)
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
+args = ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "serve"]
 
 # Hard PreToolUse hook for Codex
 [hooks.pre_tool_use]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "gate-check"]
+args = ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "gate-check"]

package/adapters/mcp/server-stdio.js

@@ -84,6 +84,11 @@ const {
 const {
   searchThumbgate,
 } = require('../../scripts/thumbgate-search');
+const {
+  importDocument,
+  listImportedDocuments,
+  readImportedDocument,
+} = require('../../scripts/document-intake');
 const { checkLimit, UPGRADE_MESSAGE } = require('../../scripts/rate-limiter');
 const { generateOrgDashboard } = require('../../scripts/org-dashboard');
 const {
@@ -119,7 +124,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.3.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.4.0' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -145,6 +150,28 @@ function resolveSafePath(targetPath, { mustExist = false } = {}) {
   return resolved;
 }
 
+function resolveImportDocumentPath(targetPath) {
+  const workspaceRoot = path.resolve(process.cwd());
+  const resolved = path.resolve(workspaceRoot, String(targetPath || ''));
+  const allowedRoots = [workspaceRoot, SAFE_DATA_DIR]
+    .filter(Boolean)
+    .map((root) => path.resolve(root));
+  const allowed = allowedRoots.some((root) => {
+    const relative = path.relative(root, resolved);
+    return relative === '' || (!relative.startsWith('..') && !path.isAbsolute(relative));
+  });
+
+  if (!allowed) {
+    throw new Error(`Path must stay within ${workspaceRoot} or ${SAFE_DATA_DIR}`);
+  }
+
+  if (!fs.existsSync(resolved)) {
+    throw new Error(`Path does not exist: ${resolved}`);
+  }
+
+  return resolved;
+}
+
 function toTextResult(payload) {
   const text = typeof payload === 'string' ? payload : JSON.stringify(payload, null, 2);
   return {
@@ -421,6 +448,29 @@ async function callToolInner(name, args) {
         source: args.source,
         signal: args.signal,
       }));
+    case 'import_document':
+      return toTextResult(importDocument({
+        filePath: args.filePath ? resolveImportDocumentPath(args.filePath) : null,
+        content: typeof args.content === 'string' ? args.content : null,
+        title: args.title,
+        sourceFormat: args.sourceFormat,
+        sourceUrl: args.sourceUrl,
+        tags: Array.isArray(args.tags) ? args.tags : [],
+        proposeGates: args.proposeGates !== false,
+      }));
+    case 'list_imported_documents':
+      return toTextResult(listImportedDocuments({
+        query: args.query || '',
+        tag: args.tag || null,
+        limit: Number(args.limit || 20),
+      }));
+    case 'get_imported_document': {
+      const document = readImportedDocument(args.documentId);
+      if (!document) {
+        throw new Error(`Imported document not found: ${args.documentId}`);
+      }
+      return toTextResult(document);
+    }
     case 'feedback_stats':
       return toTextResult(analyzeFeedback());
     case 'diagnose_failure':
@@ -489,6 +539,19 @@ async function callToolInner(name, args) {
       }));
     case 'enforcement_matrix':
       return toTextResult(listEnforcementMatrix());
+    case 'security_scan': {
+      const { scanCode, scanDependencyChange, scanGitDiff } = require('../../scripts/security-scanner');
+      if (args.diffMode) {
+        return toTextResult(scanGitDiff(args.content));
+      }
+      const codeResult = scanCode(args.content, args.filePath || '');
+      if (args.filePath && args.filePath.endsWith('package.json')) {
+        const supplyResult = scanDependencyChange('', args.content);
+        codeResult.findings = (codeResult.findings || []).concat(supplyResult.findings || []);
+        codeResult.detected = codeResult.detected || supplyResult.detected;
+      }
+      return toTextResult(codeResult);
+    }
     case 'prevention_rules': {
       const outputPath = args.outputPath ? resolveSafePath(args.outputPath) : undefined;
       return toTextResult(writePreventionRules(outputPath, Number(args.minOccurrences || 2)));
@@ -680,6 +743,26 @@ async function callToolInner(name, args) {
       return toTextResult(appendFeedbackContext(args.sessionId, args.message, args.role));
     case 'finalize_feedback_session':
       return toTextResult(finalizeFeedbackSession(args.sessionId));
+    case 'run_managed_lesson_agent': {
+      const { runManagedAgent } = require('../../scripts/managed-lesson-agent');
+      return toTextResult(await runManagedAgent({ dryRun: args.dryRun, limit: args.limit, model: args.model }));
+    }
+    case 'managed_agent_status': {
+      const { getManagedAgentStatus } = require('../../scripts/managed-lesson-agent');
+      return toTextResult(getManagedAgentStatus() || { message: 'No managed agent runs recorded yet.' });
+    }
+    case 'run_self_distill': {
+      const { runSelfDistill } = require('../../scripts/self-distill-agent');
+      return toTextResult(await runSelfDistill({ dryRun: args.dryRun, limit: args.limit, model: args.model }));
+    }
+    case 'self_distill_status': {
+      const { getSelfDistillStatus } = require('../../scripts/self-distill-agent');
+      return toTextResult(getSelfDistillStatus() || { message: 'No self-distill runs found.' });
+    }
+    case 'context_stuff_lessons': {
+      const { getAllLessonsForContext } = require('../../scripts/lesson-inference');
+      return toTextResult(getAllLessonsForContext({ maxTokenBudget: args.maxTokenBudget, signal: args.signal, format: args.format }));
+    }
     default:
       throw new Error(`Unsupported tool: ${name}`);
   }

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.3.0",
+        "thumbgate@1.4.0",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -8,11 +8,12 @@
  *   npx thumbgate init --agent claude-code   # scaffold + wire hooks for specific agent
  *   npx thumbgate gate-check    # PreToolUse hook: pipe tool JSON via stdin, get verdict
  *   npx thumbgate capture       # capture feedback
+ *   npx thumbgate import-doc    # import a local policy/runbook document and propose gates
  *   npx thumbgate export-dpo    # export DPO training pairs
  *   npx thumbgate export-databricks   # export Databricks-ready analytics bundle
  *   npx thumbgate stats         # feedback analytics + Revenue-at-Risk
  *   npx thumbgate cfo           # local operational billing summary
- *   npx thumbgate pro           # upgrade to Context Gateway
+ *   npx thumbgate pro           # solo dashboard + exports side lane
  */
 
 'use strict';
@@ -49,7 +50,9 @@ function upgradeNudge() {
     if (isProTier()) return;
   } catch (_) { return; }
   process.stderr.write(
-    `\n  Unlock Pro: unlimited gates, DPO export, searchable dashboard — ${PRO_PRICE_LABEL}\n` +
+    '\n  Team rollout: start with the Workflow Hardening Sprint\n' +
+    '  https://thumbgate-production.up.railway.app/#workflow-sprint-intake\n' +
+    `\n  Solo side lane: Pro — ${PRO_PRICE_LABEL}\n` +
     `  ${PRO_CHECKOUT_URL}\n\n`
   );
 }
@@ -456,8 +459,78 @@ function setupForge() {
   return true;
 }
 
-function init() {
-  const args = parseArgs(process.argv.slice(3));
+function detectAgent(projectDir) {
+  if (fs.existsSync(path.join(projectDir, '.claude'))) return 'claude-code';
+  if (fs.existsSync(path.join(projectDir, '.cursorrules'))) return 'cursor';
+  if (fs.existsSync(path.join(projectDir, '.cursor'))) return 'cursor';
+  if (fs.existsSync(path.join(projectDir, '.codex'))) return 'codex';
+  if (fs.existsSync(path.join(projectDir, '.gemini'))) return 'gemini';
+  if (fs.existsSync(path.join(projectDir, '.amp'))) return 'amp';
+  return null;
+}
+
+function quickStart() {
+  const qsArgs = parseArgs(process.argv.slice(3));
+  const projectDir = process.cwd();
+  const detectedAgent = detectAgent(projectDir);
+  const agent = qsArgs.agent || detectedAgent || 'claude-code';
+  const thumbgateDir = path.join(projectDir, '.thumbgate');
+  const configPath = path.join(thumbgateDir, 'config.json');
+  const agentSource = qsArgs.agent ? 'specified' : (detectedAgent ? 'auto-detected' : 'default');
+
+  console.log(`\nthumbgate quick-start v${pkgVersion()}`);
+  console.log(`Agent: ${agent} (${agentSource})`);
+  console.log('');
+
+  // 1. Run init with the resolved agent so hook wiring uses the same target.
+  init({ ...qsArgs, agent });
+
+  // 2. Copy default gates
+  const defaultGates = path.join(PKG_ROOT, 'config', 'gates', 'default.json');
+  const targetGates = path.join(thumbgateDir, 'gates.json');
+  if (fs.existsSync(defaultGates)) {
+    fs.mkdirSync(thumbgateDir, { recursive: true });
+    fs.copyFileSync(defaultGates, targetGates);
+    console.log('  Copied default gates to .thumbgate/gates.json');
+  }
+
+  // 3. Write config
+  let baseConfig = {};
+  if (fs.existsSync(configPath)) {
+    try {
+      baseConfig = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    } catch (_) {
+      baseConfig = {};
+    }
+  }
+  const config = {
+    ...baseConfig,
+    selfDistillation: true,
+    contextStuffing: true,
+    maxTokenBudget: 10000,
+    autoGatePromotion: true,
+    agent,
+    version: pkgVersion(),
+    installId: baseConfig.installId || require('crypto').randomBytes(8).toString('hex'),
+    quickStart: true,
+    createdAt: baseConfig.createdAt || new Date().toISOString(),
+  };
+  fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n');
+  console.log('  Created .thumbgate/config.json');
+
+  console.log('\n  Enforcement setup complete:');
+  console.log('    Self-distillation: ON (agent auto-learns from outcomes)');
+  console.log('    Context-stuffing:  ON (all lessons injected at session start)');
+  console.log('    Auto-gate promotion: ON (recurring failures become hard blocks)');
+  console.log('    Default gates: ' + (fs.existsSync(targetGates) ? 'loaded' : 'not found'));
+  console.log('\n  Next steps:');
+  console.log('    npx thumbgate capture --feedback=down --context="what failed"');
+  console.log('    npx thumbgate stats');
+  console.log('');
+}
+
+function init(cliArgs = parseArgs(process.argv.slice(3))) {
+  const args = { ...cliArgs };
 
   // --wire-hooks only mode: skip scaffolding, just wire hooks
   if (args['wire-hooks']) {
@@ -582,11 +655,11 @@ function init() {
   trackEvent('cli_init', { command: 'init' });
   proNudge();
   console.log('');
-  console.log('  ┌─────────────────────────────────────────────────────┐');
-  console.log('  │  Unlock unlimited captures, searches & dashboard:   │');
-  console.log('  │  https://thumbgate-production.up.railway.app/pro    │');
-  console.log('  │  Pro starts at $19/mo — 7-day free trial included   │');
-  console.log('  └─────────────────────────────────────────────────────┘');
+  console.log('  ┌──────────────────────────────────────────────────────────┐');
+  console.log('  │  Teams: shared enforcement, CI gates, audit trails      │');
+  console.log('  │  One correction protects every agent on your team.      │');
+  console.log('  │  https://thumbgate-production.up.railway.app/pro        │');
+  console.log('  └──────────────────────────────────────────────────────────┘');
 
   try {
     const { appendFunnelEvent } = require(path.join(PKG_ROOT, 'scripts', 'billing'));
@@ -696,8 +769,9 @@ function stats() {
     console.log(`  Repeated Failures detected: ${data.totalNegative}`);
     console.log(`  Estimated Operational Loss: $${revenueAtRisk}`);
     console.log('  Action Required: Run "npx thumbgate rules" to generate guardrails.');
-    console.log('  Strategic Recommendation: Upgrade to Context Gateway to sync these rules across your team.');
-    console.log('  Run: npx thumbgate pro');
+    console.log('  Strategic Recommendation: if this is a shared workflow problem, start the Workflow Hardening Sprint.');
+    console.log('  Team intake: https://thumbgate-production.up.railway.app/#workflow-sprint-intake');
+    console.log('  Solo side lane: npx thumbgate pro');
   } else {
     console.log('\n✅ System is currently high-reliability. No immediate revenue loss detected.');
   }
@@ -804,11 +878,11 @@ function pro() {
     const truthUrl = 'https://github.com/IgorGanapolsky/ThumbGate/blob/main/docs/COMMERCIAL_TRUTH.md';
     console.log('\nThumbGate Pro — Local Dashboard');
     console.log('─'.repeat(50));
-    console.log('Self-serve offer today: Pro ($19/mo or $149/yr).');
+    console.log('Self-serve side lane today: Pro ($19/mo or $149/yr).');
     console.log('Every licensed Pro user gets a personal local dashboard on localhost.');
     console.log('\nWhat is available:');
     console.log('  - Local Pro dashboard: your own browser dashboard for search, gates, and DPO export');
-    console.log('  - Optional hosted API key: shared lesson DB for teams and multi-agent workflows');
+    console.log('  - Team rollout path: shared hosted lessons, org visibility, and workflow proof');
     console.log('  - Commercial truth doc: source of truth for traction, pricing, and proof claims');
     console.log('\nLinks:');
     console.log(`  Buy Pro         : ${PRO_CHECKOUT_URL}`);
@@ -1038,6 +1112,67 @@ function exportDatabricks() {
   }
 }
 
+function importDoc() {
+  syncActiveProjectContext();
+  const args = parseArgs(process.argv.slice(3));
+  const positionalFilePath = process.argv.slice(3).find((arg) => !arg.startsWith('--'));
+  const filePath = positionalFilePath || args.file || args.path || null;
+  const inlineContent = typeof args.content === 'string' && args.content.trim()
+    ? args.content
+    : (!filePath ? readStdinText().trim() : '');
+  const tags = String(args.tags || args.tag || '')
+    .split(',')
+    .map((tag) => tag.trim())
+    .filter(Boolean);
+
+  if (!filePath && !inlineContent) {
+    console.error('Error: import-doc requires a file path, --content, or stdin text');
+    process.exit(1);
+  }
+
+  try {
+    const { importDocument: importDocumentLocal } = require(path.join(PKG_ROOT, 'scripts', 'document-intake'));
+    const document = importDocumentLocal({
+      filePath,
+      content: inlineContent || null,
+      title: args.title || null,
+      sourceFormat: args.format || args['source-format'] || null,
+      sourceUrl: args.url || args['source-url'] || null,
+      tags,
+      proposeGates: args['no-proposals'] ? false : args.proposeGates !== 'false',
+    });
+    trackEvent('cli_import_doc', {
+      command: 'import-doc',
+      documentId: document.documentId,
+      sourceFormat: document.sourceFormat,
+      proposalCount: Array.isArray(document.proposals) ? document.proposals.length : 0,
+    });
+
+    const payload = {
+      ok: true,
+      document,
+    };
+    if (args.json) {
+      console.log(JSON.stringify(payload, null, 2));
+      return;
+    }
+
+    console.log(`Imported document: ${document.title}`);
+    console.log(`  ID: ${document.documentId}`);
+    console.log(`  Format: ${document.sourceFormat}`);
+    console.log(`  Proposals: ${Array.isArray(document.proposals) ? document.proposals.length : 0}`);
+    if (Array.isArray(document.proposals) && document.proposals.length > 0) {
+      console.log('\nProposed gates:');
+      for (const proposal of document.proposals.slice(0, 6)) {
+        console.log(`  - [${proposal.type}] ${proposal.title} (${proposal.action}/${proposal.severity})`);
+      }
+    }
+  } catch (err) {
+    console.error(err && err.message ? err.message : err);
+    process.exit(1);
+  }
+}
+
 function obsidianExport() {
   const args = parseArgs(process.argv.slice(3));
   const { exportAll } = require(path.join(PKG_ROOT, 'scripts', 'obsidian-export'));
@@ -1295,6 +1430,20 @@ function sessionStart() {
   const { analyzeFeedback } = require(path.join(PKG_ROOT, 'scripts', 'feedback-loop'));
   const { refreshStatuslineCache } = require(path.join(PKG_ROOT, 'scripts', 'hook-thumbgate-cache-updater'));
   refreshStatuslineCache(analyzeFeedback());
+
+  // Surface gate-program.md active rules so the agent starts aware of what is blocked.
+  try {
+    const { readGateProgram, extractBlockPatterns } = require(path.join(PKG_ROOT, 'scripts', 'meta-agent-loop'));
+    const gateProgram = readGateProgram();
+    if (gateProgram) {
+      const blockPatterns = extractBlockPatterns(gateProgram);
+      if (blockPatterns.length > 0) {
+        process.stderr.write('\n[ThumbGate] Active hard-block rules from gate-program.md:\n');
+        blockPatterns.forEach((p, i) => process.stderr.write(`  ${i + 1}. ${p}\n`));
+        process.stderr.write('\n');
+      }
+    }
+  } catch (_) { /* gate-program awareness is best-effort */ }
 }
 
 function installMcp() {
@@ -1357,6 +1506,7 @@ function help() {
   console.log('  capture [flags]       Capture feedback (--feedback=up|down --context="..." --tags="...")');
   console.log('  stats                 Show feedback analytics + Revenue-at-Risk');
   console.log('  cfo                   Show hosted billing summary when configured, else local fallback JSON');
+  console.log('  billing:setup         Generate operator key + print Railway setup instructions');
   console.log('  repair-github-marketplace  Dry-run or apply legacy GitHub Marketplace amount repairs (--write)');
   console.log('  north-star            Show proof-backed workflow-run progress toward the North Star');
   console.log('  summary               Human-readable feedback summary');
@@ -1365,6 +1515,7 @@ function help() {
   console.log('  risk [flags]          Train or query the boosted local risk scorer');
   console.log('  doctor                Audit runtime isolation, bootstrap context, and permission tier');
   console.log('  dispatch              Print a Dispatch-safe remote ops brief for phone-driven review sessions');
+  console.log('  import-doc            Import a local policy/runbook and propose reviewable gate candidates');
   console.log('  export-dpo            Export DPO training pairs (prompt/chosen/rejected JSONL)');
   console.log('  export-databricks     Export feedback logs + proof artifacts as a Databricks-ready analytics bundle');
   console.log('  obsidian-export       Export all feedback data as interlinked Obsidian markdown notes');
@@ -1373,6 +1524,9 @@ function help() {
   console.log('  rules                 Generate prevention rules from repeated failures');
   console.log('  optimize              [PRO] Prune CLAUDE.md and migrate manual rules to Pre-Action Gates');
   console.log('  force-gate <PATTERN>  Immediately create a blocking gate from a pattern');
+  console.log('  meta-agent            Run meta-agent loop: generate + evaluate + promote prevention rules');
+  console.log('    --dry-run           Preview rules without writing');
+  console.log('    --status            Show last run summary');
   console.log('  self-heal             Run self-healing check and auto-fix');
   console.log('  activate <KEY>        Activate a Pro license key (from Stripe checkout)');
   console.log('  pro                   Show Pro plan ($19/mo) + hosted pilot info');
@@ -1394,6 +1548,7 @@ function help() {
   console.log('  npx thumbgate init');
   console.log('  npx thumbgate stats');
   console.log('  npx thumbgate cfo');
+  console.log('  npx thumbgate import-doc docs/release-policy.md --json');
   console.log('  npx thumbgate repair-github-marketplace --write');
   console.log('  npx thumbgate lessons --query="verification" --limit=5');
   console.log('  npx thumbgate model-fit');
@@ -1414,6 +1569,9 @@ switch (COMMAND) {
     init();
     upgradeNudge();
     break;
+  case 'quick-start':
+    quickStart();
+    break;
   case 'install':
     install();
     break;
@@ -1455,6 +1613,9 @@ switch (COMMAND) {
   case 'revenue':
     cfo();
     break;
+  case 'billing:setup':
+    require(path.join(PKG_ROOT, 'scripts', 'billing-setup'));
+    break;
   case 'repair-github-marketplace':
     repairGithubMarketplace();
     break;
@@ -1559,6 +1720,10 @@ switch (COMMAND) {
   case 'obsidian-export':
     obsidianExport();
     break;
+  case 'import-doc':
+  case 'import-document':
+    importDoc();
+    break;
   case 'rules':
     rules();
     break;
@@ -1577,6 +1742,32 @@ switch (COMMAND) {
     console.log(`Total auto-promoted gates: ${result.totalGates}`);
     break;
   }
+  case 'meta-agent': {
+    const metaArgs = parseArgs(process.argv.slice(3));
+    if (metaArgs.status) {
+      const { getMetaAgentStatus } = require(path.join(PKG_ROOT, 'scripts', 'meta-agent-loop'));
+      const status = getMetaAgentStatus();
+      if (!status) {
+        console.log('No meta-agent runs recorded yet. Run: npx thumbgate meta-agent');
+      } else {
+        console.log(JSON.stringify(status, null, 2));
+      }
+    } else {
+      const { runMetaAgentLoop } = require(path.join(PKG_ROOT, 'scripts', 'meta-agent-loop'));
+      runMetaAgentLoop({ dryRun: Boolean(metaArgs['dry-run']), verbose: true })
+        .then((manifest) => {
+          console.log(`\nMeta-agent run complete.`);
+          console.log(`  Promoted : ${manifest.promotedCount} rule(s)`);
+          console.log(`  Reverted : ${manifest.revertedCount} candidate(s)`);
+          if (manifest.dryRun) console.log('  [DRY RUN] No rules written.');
+        })
+        .catch((err) => {
+          console.error('Meta-agent failed:', err.message);
+          process.exit(1);
+        });
+    }
+    break;
+  }
   case 'self-heal':
     selfHeal();
     break;