thumbgate 1.3.0 → 1.4.1

package/public/lessons.html

@@ -242,24 +242,24 @@
     </div>
     <div class="metrics-summary-grid" id="metricsSummaryGrid">
       <div class="metric-tile">
-        <div class="metric-kicker">7d approval</div>
+        <div class="metric-kicker">Fast path rate</div>
         <div class="metric-number purple">--</div>
-        <div class="metric-note">Waiting for live feedback</div>
+        <div class="metric-note">Waiting for live decisions</div>
       </div>
       <div class="metric-tile">
-        <div class="metric-kicker">This week negatives</div>
+        <div class="metric-kicker">Override rate</div>
         <div class="metric-number red">--</div>
-        <div class="metric-note">Waiting for live feedback</div>
+        <div class="metric-note">Waiting for live decisions</div>
       </div>
       <div class="metric-tile">
-        <div class="metric-kicker">Actions blocked</div>
-        <div class="metric-number green">--</div>
-        <div class="metric-note">Recorded gate denies</div>
+        <div class="metric-kicker">Rollback rate</div>
+        <div class="metric-number cyan">--</div>
+        <div class="metric-note">Waiting for live decisions</div>
       </div>
       <div class="metric-tile">
-        <div class="metric-kicker">Repeat pressure</div>
-        <div class="metric-number cyan">--</div>
-        <div class="metric-note">Share of negatives that repeat</div>
+        <div class="metric-kicker">Median latency</div>
+        <div class="metric-number green">--</div>
+        <div class="metric-note">Time from recommendation to recorded outcome</div>
       </div>
     </div>
     <div class="metrics-chart-wrap">
@@ -492,7 +492,7 @@ function updateMetricsSelection() {
       note.textContent = 'Showing timeline events for ' + formatShortDay(activeTimelineDay) + '. Clear the day filter to return to the full timeline.';
     }
   } else {
-    note.textContent = 'The chart combines recorded feedback events with daily gate-audit activity.';
+    note.textContent = 'The chart combines recorded feedback events with daily gate-audit activity. Decision-loop metrics above come from recorded evaluations and outcomes.';
   }
 }
 
@@ -627,12 +627,12 @@ function renderImprovementMetrics(stats, data) {
   if (!summary || !grid || !chart) return;
 
   if (isDemo) {
-    summary.textContent = 'Live improvement trends appear here once local Pro is connected. The chart is based on recorded feedback, gate denials, and repeat-failure pressure.';
+    summary.textContent = 'Live improvement trends appear here once local Pro is connected. The decision tiles are based on recorded evaluations plus override and rollback outcomes, while the chart below stays anchored to feedback and gate audits.';
     grid.innerHTML = [
-      { label: '7d approval', value: '12.5%', tone: 'purple', note: 'Demo preview only' },
-      { label: 'This week negatives', value: '4', tone: 'red', note: 'Sample trend only' },
-      { label: 'Actions blocked', value: '42', tone: 'green', note: 'Sample gate denies' },
-      { label: 'Repeat pressure', value: '38%', tone: 'cyan', note: 'Sample repeated failures' }
+      { label: 'Fast path rate', value: '62%', tone: 'purple', note: 'Sample auto-execute share' },
+      { label: 'Override rate', value: '14%', tone: 'red', note: 'Sample operator overrides' },
+      { label: 'Rollback rate', value: '4%', tone: 'cyan', note: 'Sample reversed decisions' },
+      { label: 'Median latency', value: '6m', tone: 'green', note: 'Sample decision completion speed' }
     ].map(function(tile) {
       return '<div class="metric-tile"><div class="metric-kicker">' + escHtml(tile.label) + '</div><div class="metric-number ' + escHtml(tile.tone) + '">' + escHtml(tile.value) + '</div><div class="metric-note">' + escHtml(tile.note) + '</div></div>';
     }).join('');
@@ -645,23 +645,32 @@ function renderImprovementMetrics(stats, data) {
   var gateStats = (data && data.gateStats) || {};
   var gateAudit = (data && data.gateAudit) || {};
   var liveMetrics = (data && data.liveMetrics) || {};
+  var decisionLoop = (data && data.decisions) || {};
   var harness = (data && data.harness) || {};
   var approvalRate = Math.round(((stats && (stats.recentRate || stats.approvalRate)) || 0) * 100);
   var errorTrend = liveMetrics.errorTrend || {};
-  var repeatPressure = Math.round(((harness.repeatFailureRate || 0) * 100));
-  var repeatedCount = harness.repeatedFailureCount || 0;
+  var fastPathRate = Math.round(((decisionLoop.fastPathRate || 0) * 100));
+  var overrideRate = Math.round(((decisionLoop.overrideRate || 0) * 100));
+  var rollbackRate = Math.round(((decisionLoop.rollbackRate || 0) * 100));
+  var medianLatencyMs = Number(decisionLoop.medianLatencyMs || 0);
+  var medianLatencyText = medianLatencyMs >= 3600000
+    ? (medianLatencyMs / 3600000).toFixed(1) + 'h'
+    : medianLatencyMs >= 60000
+      ? Math.round(medianLatencyMs / 60000) + 'm'
+      : Math.round(medianLatencyMs / 1000) + 's';
   var thisWeekNeg = errorTrend.thisWeek || 0;
   var lastWeekNeg = errorTrend.lastWeek || 0;
   var blocked = gateStats.blocked || 0;
+  var resolvedCount = decisionLoop.resolvedCount || 0;
 
-  summary.textContent = '7-day approval is ' + approvalRate + '%. This week logged ' + thisWeekNeg + ' negative signal' + (thisWeekNeg === 1 ? '' : 's')
-    + ' versus ' + lastWeekNeg + ' last week, while gates recorded ' + blocked + ' deny decision' + (blocked === 1 ? '' : 's') + '.';
+  summary.textContent = 'ThumbGate is auto-routing ' + fastPathRate + '% of tracked decisions while holding override rate at ' + overrideRate + '% and rollback rate at ' + rollbackRate + '% across '
+    + resolvedCount + ' resolved decision' + (resolvedCount === 1 ? '' : 's') + '. Feedback approval is ' + approvalRate + '%, and gates still recorded ' + blocked + ' deny decision' + (blocked === 1 ? '' : 's') + '.';
 
   grid.innerHTML = [
-    { label: '7d approval', value: approvalRate + '%', tone: 'purple', note: 'Recent approval rate from feedback signals' },
-    { label: 'This week negatives', value: String(thisWeekNeg), tone: 'red', note: 'Vs ' + lastWeekNeg + ' last week' },
-    { label: 'Actions blocked', value: String(blocked), tone: 'green', note: 'Recorded gate denies from the audit trail' },
-    { label: 'Repeat pressure', value: repeatPressure + '%', tone: 'cyan', note: repeatedCount + ' repeated failure pattern' + (repeatedCount === 1 ? '' : 's') }
+    { label: 'Fast path rate', value: fastPathRate + '%', tone: 'purple', note: 'Recorded evaluations that stayed auto-executable' },
+    { label: 'Override rate', value: overrideRate + '%', tone: 'red', note: 'Resolved decisions later changed by a human' },
+    { label: 'Rollback rate', value: rollbackRate + '%', tone: 'cyan', note: 'Resolved decisions later reversed' },
+    { label: 'Median latency', value: medianLatencyText, tone: 'green', note: 'Time from recommendation to recorded outcome' }
   ].map(function(tile) {
     return '<div class="metric-tile"><div class="metric-kicker">' + escHtml(tile.label) + '</div><div class="metric-number ' + escHtml(tile.tone) + '">' + escHtml(tile.value) + '</div><div class="metric-note">' + escHtml(tile.note) + '</div></div>';
   }).join('');

package/public/llm-context.md

@@ -0,0 +1,140 @@
+# ThumbGate — Agent Governance for Engineering Teams
+
+## What ThumbGate Is
+
+ThumbGate is agent governance software for engineering teams that run AI coding agents (Claude Code, Cursor, Codex, Gemini CLI, Amp, OpenCode) on shared codebases. It enforces approval policies, captures and propagates lessons from agent mistakes, and physically blocks known-bad tool calls before they execute via PreToolUse hooks wired into the agent runtime. Unlike CLAUDE.md rules or .cursorrules files, which are suggestions the agent can ignore, ThumbGate enforcement operates at the tool-call level and cannot be bypassed by the agent. The business is enterprise-first: the best first paid motion is the Workflow Hardening Sprint for one workflow, while the local CLI stays free as the adoption wedge and Pro remains a solo side lane.
+
+## Problems ThumbGate Prevents
+
+- An AI coding agent force-pushes to the main branch, overwriting a teammate's commit
+- An agent deletes a production config file because the prompt said "clean up unused files"
+- An agent bypasses CI by committing with --no-verify after seeing test failures
+- An agent repeats the same database migration mistake across three pull requests because the lesson was never captured
+- One engineer gives a thumbs-down on a bad agent pattern; teammates running the same agent repeat the mistake because lessons are not shared
+- An agent modifies secrets or PII-bearing files because no approval policy was in place
+- A team cannot audit which agent actions were blocked, approved, or overridden, making compliance reporting impossible
+
+## How ThumbGate Works Technically
+
+ThumbGate is built on Node.js >=18.18.0 and runs locally on each developer's machine with optional team sync.
+
+**CLI-first install, MCP-compatible transport**: `npx thumbgate init` is the default setup path. It installs the local gateway, wires the needed hooks, and configures MCP transport automatically for the agent that is already in use. MCP matters for compatibility, but the product surface is the operator-friendly CLI.
+
+**PreToolUse Hooks**: Every agent tool call (Bash, file writes, git operations, API calls) passes through a hook before execution. If the call matches a known-bad pattern stored in the lesson database, the hook blocks it and returns a descriptive error. The agent cannot proceed until the human approves or the policy is updated.
+
+**SQLite + FTS5 Lesson Database**: When an agent makes a mistake, the developer gives a thumbs-down with context. ThumbGate stores this as a lesson in a local SQLite database with full-text search. Lessons are retrieved at the start of every agent session via the `recall` MCP tool, so the agent enters each session already aware of known failure patterns.
+
+**Thompson Sampling for Adaptive Gates**: Gates use Thompson Sampling (a Bayesian multi-armed bandit algorithm) to tune their own sensitivity. Gates that block too aggressively accumulate negative feedback and are dialed back. Gates that catch real failures are reinforced. This prevents gate fatigue without manual tuning.
+
+**Shared Team Enforcement**: In team mode, lessons learned on one seat propagate to all seats via a shared lesson database. A pattern that caused a mistake for one engineer is immediately visible to every agent on every seat. The shared database is the single source of truth for team-wide enforcement rules.
+
+**CI Gate Integration**: ThumbGate can run as a CI step. Pull requests that contain agent-generated changes matching known failure signatures are blocked from merging until a human reviews and approves the exception.
+
+**Audit Trail**: Every gate decision (blocked, approved, overridden) is logged with a timestamp, the triggering tool call, the matching lesson ID, and the identity of any human who approved an exception. This log is queryable and exportable for compliance reporting.
+
+**Three-Tier Approval Routing (OVIS-inspired)**: ThumbGate gates operate on three distinct tiers, inspired by the OVIS decision framework (Owner, Veto, Influence). Each gate carries an `action` field that determines the routing outcome:
+
+- **`block`** — Hard stop. The agent cannot proceed. The tool call is denied immediately. Used for force-pushes, secret commits, destructive SQL, and any irreversible action. The agent receives an error message explaining why the action was blocked.
+- **`approve`** — Pause and escalate. The agent is halted and the caller receives `{ decision: "approve", requiresApproval: true }`. A human must explicitly confirm before the action can proceed. Used for production deploys, schema migrations, and permission changes where human oversight is mandatory.
+- **`log`** — Record and continue. The action is allowed to proceed but is written to the audit trail. The agent receives `{ decision: "log", logged: true }` and continues without interruption. Used for style violations, large file writes, and non-critical warnings where visibility matters but blocking would create friction.
+
+This model maps directly to the OVIS framework: `block` exercises Veto authority, `approve` requires Owner sign-off, and `log` satisfies Influence-layer audit requirements without halting execution.
+
+## Who ThumbGate Is For
+
+Engineering teams of 2 to 200+ developers who are actively using AI coding agents on shared repositories and need:
+
+- Consistent enforcement of coding policies across all agents and all seats
+- A shared memory of agent mistakes so errors are not repeated by different team members
+- Approval gates for high-risk actions (pushing to protected branches, modifying production configs, running database migrations)
+- An audit trail for compliance, incident review, or just understanding what the agent did
+- Gradual rollout: start with observation mode, add enforcement rules incrementally
+
+ThumbGate is not a model training pipeline. It does not retrain the underlying LLM. It shapes agent behavior through context injection and hard enforcement hooks.
+
+## Academic Validation
+
+ThumbGate implements the **Memento-Skills architecture** described in "Memento-Skills: Let Agents Design Agents" (arXiv 2603.18743, March 2026). This architecture—Read → Execute → Reflect → Write—allows agents to improve themselves through external skill memory that rewrites from failure feedback, eliminating the need for model retraining. Published results demonstrate 26.2% and 116.2% relative accuracy improvements on General AI Assistants benchmarks and Humanity's Last Exam. ThumbGate applies this same pattern to production AI coding agents via PreToolUse hooks, Thompson Sampling, SQLite+FTS5 lesson databases, and LanceDB vectors—treating each agent mistake as a skill refinement opportunity rather than a training event.
+
+## Continual Learning Architecture
+
+ThumbGate implements continual learning across all three layers identified by LangChain's framework for building learning agents (Harrison Chase, April 2026):
+
+- **Model layer**: ThumbGate Pro exports DPO pairs so teams can fine-tune local models (Llama 3, Mistral) to natively avoid known failures without retraining the upstream foundation model.
+- **Harness layer**: Prevention rules auto-generated from feedback are injected into the agent's system prompt at session start via the `recall` MCP tool. The agent enters every session pre-loaded with lessons — no code changes required.
+- **Context layer**: The SQLite+FTS5 lesson database and LanceDB vector search provide retrieval-augmented context at tool-call time. When an agent attempts an action, PreToolUse hooks query the lesson DB and block or approve based on prior feedback. This is the layer that runs continuously and requires zero human intervention after the initial feedback signal.
+
+This three-layer architecture means ThumbGate improves agent behavior at every level: context injection for immediate effect, harness-level rules for session-wide enforcement, and model-level export for permanent behavioral change.
+
+## Enterprise Safety Framework Alignment
+
+ThumbGate's architecture maps directly to the enterprise safety framework pattern recommended by Google Cloud for agentic AI workflows (April 2026). Google Cloud's reference architecture routes every agent action through a Safety Framework gate before execution, with unsafe actions producing a canned response and safe actions proceeding to the Agentic Workflow, followed by a Quality Framework check on the output.
+
+ThumbGate implements this same pattern for AI coding agents:
+
+- **Safety Framework gate** → PreToolUse hooks evaluate every tool call against the lesson database before execution. Known-bad patterns are blocked immediately.
+- **Safe → Agentic Workflow** → Tool calls that pass gate evaluation proceed normally. The agent operates without interruption.
+- **Unsafe → Canned response** → Blocked tool calls return a descriptive error to the agent explaining why the action was denied and what policy it violated.
+- **Quality Framework** → Post-action audit trail, feedback sessions, and auto-generated prevention rules create a continuous quality improvement loop.
+
+This alignment means ThumbGate is not an experimental tool — it implements the same safety architecture that Google Cloud recommends for enterprise agentic deployments, applied specifically to AI coding agents operating on shared codebases.
+
+## Pricing
+
+- **Free**: Local CLI enforcement for individual developers. Includes 3 daily feedback captures, 5 lesson searches per day, unlimited recall, and PreToolUse hook blocking.
+- **Workflow Hardening Sprint / Team**: Team pricing anchors at $99/seat/mo with a 3-seat minimum after qualification. The first paid step is an intake-led sprint around one workflow, one repeated blocker, and one proof review.
+- **Pro**: $19/mo or $149/yr. Adds a personal local dashboard, DPO export for fine-tuning, and advanced data exports for solo operators who want a self-serve side lane.
+
+## How to Install
+
+```bash
+npx thumbgate init
+```
+
+ThumbGate auto-detects your AI coding agent (Claude Code, Cursor, Codex, Gemini CLI, Amp, OpenCode) and configures PreToolUse hooks. No API key required. Everything runs locally. For team deployments, run with the `--team` flag to connect to the shared lesson database.
+
+```bash
+npx thumbgate init --agent claude-code
+npx thumbgate dashboard
+```
+
+## Comparison vs Alternatives
+
+| Approach | Blocks actions before execution | Learns from feedback | Shared team enforcement | Audit trail |
+|---|---|---|---|---|
+| **ThumbGate** | Yes — PreToolUse hooks | Yes — auto-generates rules | Yes — shared lesson DB | Yes — full log |
+| CLAUDE.md / .cursorrules | No — suggestions only | No — hand-written | No — per-developer files | No |
+| ESLint / linters | Partial — static analysis | No — hand-written rules | Partial — shared config | No |
+| Manual code review | Partial — after PR, not before | No — reviewer memory | Partial — PR comments | Partial — PR history |
+| Post-hoc git revert | No — damage already done | No | No | Partial — git log |
+
+**CLAUDE.md rules** are plain-text instructions read by the agent at session start. The agent can ignore them, forget them, or misinterpret them mid-session. CLAUDE.md is useful for project context but provides no enforcement guarantee.
+
+**ESLint and linters** check code at build time, not at tool-call time. They cannot block an agent from deleting a file, force-pushing, or making a destructive API call — they only catch code-style issues after the code has been written.
+
+**Manual code review** is asynchronous and expensive. It catches mistakes after the PR is created, not before the agent makes the mistake. It scales poorly as AI agents generate changes at 10x the rate of human developers.
+
+**ThumbGate** is the only tool that (1) blocks actions before execution, (2) learns automatically from feedback without manual rule-writing, (3) shares lessons across an entire team, and (4) produces a full audit trail.
+
+## Additional Resources
+
+- GitHub: https://github.com/IgorGanapolsky/ThumbGate
+- npm: https://www.npmjs.com/package/thumbgate
+- Documentation: https://thumbgate-production.up.railway.app/guide
+- Comparison: https://thumbgate-production.up.railway.app/compare
+- Team sprint intake: https://thumbgate-production.up.railway.app/#workflow-sprint-intake
+
+## How ThumbGate Promotes AI Authenticity
+
+In an era of AI slop — where agents generate repetitive, generic outputs that erode brand trust — ThumbGate is the enforcement layer that keeps AI behavior grounded in human judgment.
+
+The core thesis: AI slop happens when agents act without human judgment as a hard gate. ThumbGate solves this at the tool-call level, not through prompt suggestions the agent can ignore.
+
+- **Human insight leads**: The thumbs-up/down mechanism is a literal human gate between AI intent and execution. The agent cannot proceed on blocked patterns.
+- **Standards, not patterns**: Every thumbs-down distills into a prevention rule specific to your team's context — not a generic best practice.
+- **Authenticity over volume**: ThumbGate reinforces what "good" looks like for your specific codebase, standards, and risk tolerance. Agents learn your standards, not average AI behavior.
+- **Discovery advantage**: As platforms and search engines increasingly reward authentic, human-verified outputs over high-volume AI generation, ThumbGate provides the enforcement infrastructure that proves human oversight was applied.
+
+**Positioning for authenticity-conscious audiences**: ThumbGate is the authenticity enforcement layer for AI coding agents. Where AI slop is the symptom, unconstrained agent autonomy is the cause. ThumbGate addresses the cause.
+
+*Last updated: 2026-04-09*

package/public/pro.html

@@ -792,10 +792,10 @@ __GA_BOOTSTRAP__
 <section class="hero">
   <div class="container hero-grid">
     <div class="panel hero-copy">
-      <div class="eyebrow">Paid lane for individual operators</div>
-      <h1>Stop paying review time for the same AI mistake twice.</h1>
-      <p>ThumbGate Pro is for the operator who already likes the free local install, but now needs a personal local dashboard, DPO export, review-ready evidence, and founder support on the workflows that keep hurting: deploys, migrations, force-pushes, and CI.</p>
-      <p>Free remains the honest default if all you need is local recall, Pre-Action Gates, and MCP wiring. Pro is the paid lane when you need faster debugging, exportable proof, and a tighter Reliability Gateway around one operator's real workflow.</p>
+      <div class="eyebrow">Agent governance for engineering teams</div>
+      <h1>One correction protects every agent on your team.</h1>
+      <p>ThumbGate prevents unsafe AI agent actions before they hit shared repos, CI pipelines, and production. When one developer flags a bad pattern, every agent on the team is permanently blocked from repeating it.</p>
+      <p>Open-source core for individuals. Team plan for shared enforcement, CI gates, approval policies, and audit trails across your engineering org.</p>
       <div class="hero-proof">
         <div class="proof-pill">Personal local dashboard</div>
         <div class="proof-pill">DPO export from real corrections</div>
@@ -947,30 +947,32 @@ __GA_BOOTSTRAP__
   <div class="container pricing-shell">
     <div class="pricing-card">
       <div class="section-label" style="text-align:left;margin-bottom:8px;">Pricing</div>
-      <h3>ThumbGate Pro for one operator</h3>
-      <div class="price">$19<span>/mo</span></div>
-      <div class="annual">or $149/yr when you already know this workflow needs to stay hardened</div>
-      <p class="pricing-note">Pro keeps the local-first posture and adds the paid operator surface: personal local dashboard, DPO export, auto-connect after activation, Model Hardening Advisor, and founder support.</p>
+      <h3>ThumbGate Team — Agent Governance</h3>
+      <div class="price">$99<span>/seat/mo</span></div>
+      <div class="annual">Billed monthly or annually · Starts with a 30-min pilot call</div>
+      <p class="pricing-note">Shared enforcement memory, CI gates, approval policies, sandbox routing, and a full audit trail of every blocked agent action across your team.</p>
       <ul>
-        <li>Visual gate debugger to inspect every blocked action and the gate that fired.</li>
-        <li>DPO training data export from real thumbs-down corrections.</li>
-        <li>Auto-connect running agents to your personal local dashboard after activation.</li>
-        <li>Founder support on risky workflows: migrations, deploys, force-pushes, and CI.</li>
+        <li><strong>Shared enforcement</strong> — one developer's correction blocks that pattern for every agent on the team.</li>
+        <li><strong>CI gate integration</strong> — block unsafe merges, enforce test requirements, prevent PRs with unresolved threads.</li>
+        <li><strong>Approval policies</strong> — require human sign-off for high-risk actions (production deploys, schema migrations, destructive SQL).</li>
+        <li><strong>Audit trail</strong> — every blocked action logged with timestamp, agent, context, and the rule that fired.</li>
+        <li><strong>Sandbox routing</strong> — route risky agent runs into isolated execution environments.</li>
+        <li><strong>Org dashboard</strong> — active agents, gate hit rates, risk scores, and proof-backed team metrics.</li>
       </ul>
       <div class="pricing-actions">
-        <a class="btn-primary btn-pro-checkout" href="/checkout/pro?utm_source=website&utm_medium=pro_page_pricing&utm_campaign=pro_pack&cta_id=pro_page_pricing_monthly&cta_placement=pricing&plan_id=pro&landing_path=%2Fpro">Start 7-Day Free Trial</a>
-        <a class="btn-secondary btn-pro-checkout" href="/checkout/pro?utm_source=website&utm_medium=pro_page_pricing&utm_campaign=pro_pack&cta_id=pro_page_pricing_annual&cta_placement=pricing&plan_id=pro&billing_cycle=annual&landing_path=%2Fpro">Choose annual</a>
+        <a class="btn-primary" href="/#workflow-sprint-intake">Book a Team Pilot Call</a>
+        <a class="btn-secondary btn-demo" href="/dashboard?utm_source=website&utm_medium=pro_page_pricing&utm_campaign=team">Open dashboard demo</a>
       </div>
-      <div class="pricing-meta">If the personal local dashboard and export path do not matter yet, stay on Free. This page exists so paid buyers do not have to infer the value from the general homepage.</div>
+      <div class="pricing-meta">Team pricing anchors at $99/seat/mo with a 3-seat minimum. Starts with one workflow, one repo, one repeat failure. We measure before/after and expand only when the results are real.</div>
     </div>
 
     <div class="pricing-sidebar">
       <div class="team-card">
         <div class="section-label" style="text-align:left;margin-bottom:8px;">When Team is better</div>
-        <h3>Multiple agents, shared repos, one correction that should protect everyone</h3>
-        <p>Choose Team when you need a shared hosted lesson DB, org dashboard visibility, hosted review views, and a workflow hardening pilot instead of one operator's personal local dashboard.</p>
+        <h3>Solo developer? Start free.</h3>
+        <p>The open-source core gives you local enforcement, PreToolUse hooks, and MCP integrations at no cost. Upgrade to Team when your org needs shared enforcement and audit.</p>
         <div class="hero-actions" style="margin-top:18px;">
-          <a class="btn-secondary" href="/?utm_source=website&utm_medium=pro_page&utm_campaign=team_rollout#workflow-sprint-intake">Start team pilot intake</a>
+          <a class="btn-secondary" href="/guide?utm_source=website&utm_medium=pro_page&utm_campaign=free_install">Install free locally</a>
         </div>
       </div>
       <div class="team-card">
@@ -1010,11 +1012,11 @@ __GA_BOOTSTRAP__
 <section class="final-cta">
   <div class="container">
     <div class="final-shell">
-      <h2>Make the paid path obvious before you ask for the card.</h2>
-      <p>ThumbGate Pro exists for the operator who wants the local dashboard, DPO export, and proof-ready story. The free install stays honest. The paid lane now has its own page.</p>
+      <h2>Your team's AI agents are one bad action away from breaking production.</h2>
+      <p>ThumbGate prevents force-pushes, secret commits, unsafe publishes, and destructive SQL before they execute. One correction protects every developer on your team — permanently.</p>
       <div class="hero-actions" style="justify-content:center;">
-        <a class="btn-primary btn-pro-checkout" href="/checkout/pro?utm_source=website&utm_medium=pro_page_final&utm_campaign=pro_pack&cta_id=pro_page_final&cta_placement=final&plan_id=pro&landing_path=%2Fpro">Start 7-Day Free Trial</a>
-        <a class="btn-secondary btn-demo" href="/dashboard?utm_source=website&utm_medium=pro_page_final&utm_campaign=pro_pack">Open dashboard demo</a>
+        <a class="btn-primary" href="/#workflow-sprint-intake">Book a Team Pilot Call</a>
+        <a class="btn-secondary btn-demo" href="/dashboard?utm_source=website&utm_medium=pro_page_final&utm_campaign=team">Open dashboard demo</a>
       </div>
     </div>
   </div>

package/scripts/access-anomaly-detector.js

@@ -3,8 +3,8 @@
 const fs = require('fs');
 const path = require('path');
 const { resolveFeedbackDir } = require('./feedback-paths');
+const { readJsonl } = require('./fs-utils');
 function getAccessLogPath() { return path.join(resolveFeedbackDir(), 'access-log.jsonl'); }
-function readJsonl(fp) { if (!fs.existsSync(fp)) return []; const raw = fs.readFileSync(fp, 'utf-8').trim(); if (!raw) return []; return raw.split('\n').map((l) => { try { return JSON.parse(l); } catch { return null; } }).filter(Boolean); }
 function recordAccessAttempt({ agentId, authorized, reason, source } = {}) { const lp = getAccessLogPath(); const dir = path.dirname(lp); if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true }); const e = { id: `access_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`, timestamp: new Date().toISOString(), agentId: agentId || 'unknown', authorized: authorized !== false, reason: reason || '', source: source || 'unknown' }; fs.appendFileSync(lp, JSON.stringify(e) + '\n'); return e; }
 function computeAccessStats({ periodHours = 24 } = {}) { const entries = readJsonl(getAccessLogPath()); const cutoff = Date.now() - periodHours * 60 * 60 * 1000; const recent = entries.filter((e) => new Date(e.timestamp).getTime() > cutoff); const authorized = recent.filter((e) => e.authorized).length; const failed = recent.filter((e) => !e.authorized).length; const total = recent.length; const failRate = total > 0 ? Math.round((failed / total) * 1000) / 10 : 0; const byAgent = {}; for (const e of recent) { if (!byAgent[e.agentId]) byAgent[e.agentId] = { authorized: 0, failed: 0 }; if (e.authorized) byAgent[e.agentId].authorized++; else byAgent[e.agentId].failed++; } return { periodHours, total, authorized, failed, failRate, byAgent }; }
 function detectAnomalies({ baselineHours = 168, recentHours = 24, spikeMultiplier = 3 } = {}) { const baseline = computeAccessStats({ periodHours: baselineHours }); const recent = computeAccessStats({ periodHours: recentHours }); const baselineRate = baselineHours > 0 ? baseline.failed / baselineHours : 0; const recentRate = recentHours > 0 ? recent.failed / recentHours : 0; const isAnomaly = baselineRate > 0 && recentRate > baselineRate * spikeMultiplier; const isHighFailRate = recent.failRate > 20 && recent.total >= 5; const anomalies = []; if (isAnomaly) anomalies.push({ type: 'failure_spike', severity: recentRate > baselineRate * 5 ? 'critical' : 'warning', message: `Failed access rate ${recentRate.toFixed(1)}/h is ${(recentRate / baselineRate).toFixed(1)}x the baseline ${baselineRate.toFixed(1)}/h`, recentRate, baselineRate }); if (isHighFailRate) anomalies.push({ type: 'high_fail_rate', severity: recent.failRate > 50 ? 'critical' : 'warning', message: `${recent.failRate}% of access attempts failed in the last ${recentHours}h (${recent.failed}/${recent.total})`, failRate: recent.failRate }); for (const [agentId, counts] of Object.entries(recent.byAgent)) { const agentTotal = counts.authorized + counts.failed; if (counts.failed >= 5 && counts.failed / agentTotal > 0.5) anomalies.push({ type: 'agent_abuse', severity: 'warning', message: `Agent ${agentId}: ${counts.failed} failed attempts out of ${agentTotal}`, agentId }); } return { baseline: { periodHours: baselineHours, failedPerHour: Math.round(baselineRate * 100) / 100 }, recent: { periodHours: recentHours, failedPerHour: Math.round(recentRate * 100) / 100, ...recent }, anomalies, hasAnomalies: anomalies.length > 0, checkedAt: new Date().toISOString() }; }

package/scripts/adk-consolidator.js

@@ -23,11 +23,6 @@ const { validateApiKey } = require('./billing');
 // Keep track of the last processed ID to avoid re-consolidating the exact same logs
 const STATE_FILE = process.env.ADK_STATE_FILE || path.join(PROJECT_ROOT, '.thumbgate', 'adk-state.json');
 
-function ensureDir(dirPath) {
-  if (!fs.existsSync(dirPath)) {
-    fs.mkdirSync(dirPath, { recursive: true });
-  }
-}
 
 function loadState() {
   if (fs.existsSync(STATE_FILE)) {
@@ -46,6 +41,7 @@ function saveState(state) {
 }
 
 const { createRuleProposal, createReasoningTrace } = require('./a2ui-engine');
+const { ensureDir } = require('./fs-utils');
 
 function buildFakeConsolidation(anchorLogs, newLogs) {
   const combined = [...anchorLogs, ...newLogs].filter(Boolean);

package/scripts/agent-security-hardening.js

@@ -14,11 +14,9 @@
 const fs = require('fs');
 const path = require('path');
 const { resolveFeedbackDir } = require('./feedback-paths');
+const { ensureParentDir, readJsonl } = require('./fs-utils');
 
 function getFeedbackDir() { return resolveFeedbackDir(); }
-function ensureDir(fp) { const d = path.dirname(fp); if (!fs.existsSync(d)) fs.mkdirSync(d, { recursive: true }); }
-function readJsonl(fp) { if (!fs.existsSync(fp)) return []; const raw = fs.readFileSync(fp, 'utf-8').trim(); if (!raw) return []; return raw.split('\n').map((l) => { try { return JSON.parse(l); } catch { return null; } }).filter(Boolean); }
-
 const CRED_LOG = 'credential-attestations.jsonl';
 const ESCALATION_LOG = 'escalation-events.jsonl';
 const DEP_LOG = 'dependency-attestations.jsonl';
@@ -47,7 +45,7 @@ function attestCredential({ agentId, credentialType, credentialId, toolName, sco
     sessionId: sessionId || null,
   };
   const logPath = getCredLogPath();
-  ensureDir(logPath);
+  ensureParentDir(logPath);
   fs.appendFileSync(logPath, JSON.stringify(entry) + '\n');
   return entry;
 }
@@ -114,7 +112,7 @@ function detectPrivilegeEscalation({ agentId, toolName, mcpProfile } = {}) {
       message: `Agent "${agentId}" attempted to use "${toolName}" which is outside "${profile}" profile scope`,
     };
     const logPath = getEscalationLogPath();
-    ensureDir(logPath);
+    ensureParentDir(logPath);
     fs.appendFileSync(logPath, JSON.stringify(event) + '\n');
     return { escalation: true, event };
   }
@@ -197,7 +195,7 @@ function attestDependency({ packageName, version, agentId, action } = {}) {
   };
 
   const logPath = getDepLogPath();
-  ensureDir(logPath);
+  ensureParentDir(logPath);
   fs.appendFileSync(logPath, JSON.stringify(event) + '\n');
 
   return { allowed, findings, isTrustedScope, event };

package/scripts/agentic-data-pipeline.js

@@ -18,6 +18,7 @@ const {
 } = require('./analytics-window');
 const { appendWorkflowRun } = require('./workflow-runs');
 const { buildPredictiveInsights } = require('./predictive-insights');
+const { ensureDir } = require('./fs-utils');
 
 const PIPELINE_DIRNAME = 'agentic-data-pipeline';
 const DEFAULT_JOB_ID = 'agentic-data-pipeline';
@@ -32,9 +33,6 @@ function normalizeText(value) {
   return text || null;
 }
 
-function ensureDir(dirPath) {
-  fs.mkdirSync(dirPath, { recursive: true });
-}
 
 function readJson(filePath) {
   try {

package/scripts/async-job-runner.js

@@ -8,6 +8,7 @@ const { captureFeedback, analyzeFeedback, getFeedbackPaths, readJSONL } = requir
 const { runVerificationLoop } = require('./verification-loop');
 const { createExperiment } = require('./experiment-tracker');
 const { recommendEvolutionTarget } = require('./workspace-evolver');
+const { ensureDir } = require('./fs-utils');
 
 const JOB_LOG_FILENAME = 'job-log.jsonl';
 const JOB_CONTROL_FILENAME = 'job-control.json';
@@ -17,11 +18,6 @@ const RESUMABLE_STATUSES = new Set(['paused', 'running', 'resume_requested']);
 const TERMINAL_STATUSES = new Set(['completed', 'failed', 'cancelled']);
 const CONTROL_ACTIONS = new Set(['pause', 'cancel', 'resume']);
 
-function ensureDir(dirPath) {
-  if (!fs.existsSync(dirPath)) {
-    fs.mkdirSync(dirPath, { recursive: true });
-  }
-}
 
 function nowIso() {
   return new Date().toISOString();

package/scripts/audit-trail.js

@@ -13,6 +13,7 @@
 const fs = require('fs');
 const path = require('path');
 const { resolveFeedbackDir } = require('./feedback-paths');
+const { ensureDir } = require('./fs-utils');
 
 const AUDIT_LOG_FILENAME = 'audit-trail.jsonl';
 
@@ -24,11 +25,6 @@ function getAuditLogPath() {
   return path.join(resolveFeedbackDir(), AUDIT_LOG_FILENAME);
 }
 
-function ensureDir(dirPath) {
-  if (!fs.existsSync(dirPath)) {
-    fs.mkdirSync(dirPath, { recursive: true });
-  }
-}
 
 // ---------------------------------------------------------------------------
 // Core audit record

package/scripts/auto-promote-gates.js

@@ -6,8 +6,8 @@ const path = require('path');
 const { resolveFeedbackDir } = require('./feedback-paths');
 
 const MAX_AUTO_GATES = 10;
-const WARN_THRESHOLD = 3; // 3+ repeated failures surface a warning gate
-const BLOCK_THRESHOLD = 5; // 5+ repeated failures hard-block the action
+const WARN_THRESHOLD = 2; // 2+ repeated failures surface a warning gate
+const BLOCK_THRESHOLD = 3; // 3+ repeated failures hard-block the action
 const WINDOW_DAYS = 30;
 
 const NEG_SIGNALS = new Set(['negative', 'negative_strong', 'down', 'thumbs_down']);
@@ -20,8 +20,10 @@ function getFeedbackLogPath() {
   const localClaude = path.join(process.cwd(), '.claude', 'memory', 'feedback', 'feedback-log.jsonl');
   if (fs.existsSync(localFallback)) return localFallback;
   if (fs.existsSync(localClaude)) return localClaude;
+  // Fall back to resolveFeedbackDir() for proper home-dir resolution
+  const resolved = path.join(resolveFeedbackDir(), 'feedback-log.jsonl');
+  if (fs.existsSync(resolved)) return resolved;
   return localFallback; // default even if doesn't exist
-  return path.join(resolveFeedbackDir(), 'feedback-log.jsonl');
 }
 
 function getAutoGatesPath() {

package/scripts/background-agent-governance.js

@@ -16,21 +16,13 @@
 const fs = require('fs');
 const path = require('path');
 const { resolveFeedbackDir } = require('./feedback-paths');
+const { ensureParentDir, readJsonl } = require('./fs-utils');
 
 const RUNS_FILE = 'agent-runs.jsonl';
 
 function getFeedbackDir() { return resolveFeedbackDir(); }
 function getRunsPath() { return path.join(getFeedbackDir(), RUNS_FILE); }
 
-function readJsonl(fp) {
-  if (!fs.existsSync(fp)) return [];
-  const raw = fs.readFileSync(fp, 'utf-8').trim();
-  if (!raw) return [];
-  return raw.split('\n').map((l) => { try { return JSON.parse(l); } catch { return null; } }).filter(Boolean);
-}
-
-function ensureDir(fp) { const d = path.dirname(fp); if (!fs.existsSync(d)) fs.mkdirSync(d, { recursive: true }); }
-
 // ---------------------------------------------------------------------------
 // 1. Run Tracking
 // ---------------------------------------------------------------------------
@@ -41,7 +33,7 @@ function ensureDir(fp) { const d = path.dirname(fp); if (!fs.existsSync(d)) fs.m
  */
 function recordAgentRun({ agentId, runType, source, branch, prNumber, status, gatesChecked, gatesBlocked, filesChanged, ciPassed, duration, metadata } = {}) {
   const runsPath = getRunsPath();
-  ensureDir(runsPath);
+  ensureParentDir(runsPath);
   const run = {
     id: `run_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`,
     timestamp: new Date().toISOString(),