thumbgate 1.4.0 → 1.4.1

package/adapters/chatgpt/INSTALL.md

@@ -1,11 +1,64 @@
 # ChatGPT GPT Actions: ThumbGate Install
 
-Import the OpenAPI spec into a Custom GPT in under 5 minutes. No coding required.
+Use the published ThumbGate GPT from GPT Store when it is visible for your account, or import the OpenAPI spec into a Custom GPT in under 5 minutes. Regular users use it by replying with 👍/👎 or "thumbs up/down" on ChatGPT answers so ThumbGate remembers lessons, prevents repeated bad answers, and reinforces the answers that worked.
+
+## GPT Store path
+
+1. Open ChatGPT.
+2. Open **Explore GPTs**.
+3. Search for `ThumbGate`.
+4. Choose the GPT by **Igor Ganapolsky** in the **Programming** category.
+
+Direct store URL status: published by the operator on April 13, 2026, but the public `chatgpt.com/g/...` URL has not been captured in this repo yet. Do not invent a URL; add it here once the share link is available.
+
+## 30-second regular-user flow
+
+1. Ask the ThumbGate GPT any normal question.
+2. If the answer helped, reply with `👍` plus one sentence about what worked.
+3. If the answer missed, reply with `👎` plus one sentence about what to change.
+4. Ask `What do you remember about how I like answers?` to verify the saved lessons.
+
+The user should never need to know what MCP, OpenAPI, Actions, DPO, or prevention rules mean. The GPT should explain the loop as: "Reply 👍 or 👎. I remember the lesson for next time."
+
+## Regular-user prompts
+
+Use these as GPT conversation starters so regular users know how to teach ThumbGate:
+
+1. `👎 this answer was too vague. Next time give me exact steps.`
+2. `👍 this format worked. Remember to answer with short numbered steps.`
+3. `Thumbs down: you assumed I know technical terms. Next time explain it for a beginner first.`
+4. `Remember this lesson: I prefer direct answers with examples before theory.`
+5. `Search my ThumbGate lessons before answering this.`
+
+Use typed chat replies. ChatGPT's native feedback buttons may send feedback to OpenAI, but they should not be described as the ThumbGate capture path unless OpenAI exposes them to GPT Actions.
+
+## Pre-action gate flow
+
+Use this when the user asks whether an AI agent should run a proposed action, command, file edit, deployment, merge, or publish step:
+
+1. The GPT calls `evaluateDecision` (`POST /v1/decisions/evaluate`) before answering.
+2. If the response has `decisionControl.executionMode: "blocked"`, the GPT says the action is blocked and explains the returned reason.
+3. If the response has `decisionControl.executionMode: "checkpoint_required"`, the GPT asks for explicit confirmation before proceeding.
+4. If the response has `decisionControl.executionMode: "auto_execute"`, the GPT can say the action is allowed and summarize why.
+
+Plain thumbs-up/down feedback is the memory loop. The decision endpoint is the gate loop. Do not claim hard blocking unless the decision endpoint, a saved lesson, or a prevention rule was actually applied.
+
+## Best first GPT message
+
+Use this as the first response for regular users:
+
+```text
+Ask me anything. After my answer, reply 👍 if it helped or 👎 plus one sentence if it missed. I will remember the lesson, avoid repeating bad answer patterns, and reuse the formats you like.
+```
 
 ## Prerequisites
 
 - A ChatGPT Plus or Team account (Custom GPTs require a paid plan)
-- ThumbGate API running at a public HTTPS URL (see [Deployment docs](../../docs/deployment.md))
+- ThumbGate API running at `https://thumbgate-production.up.railway.app`
+- Privacy policy URL: `https://thumbgate-production.up.railway.app/privacy`
+- Owner-managed `THUMBGATE_API_KEY` for one-time GPT Builder Actions auth
+
+Regular GPT users should not need an API key, JSON payload, OpenAPI knowledge, or developer setup. They should only see the thumbs-up/down memory loop.
 
 ## Step 1 — Open GPT Builder
 
@@ -19,7 +72,7 @@ Import the OpenAPI spec into a Custom GPT in under 5 minutes. No coding required
 2. Click **Create new action**
 3. Click **Import from URL** — paste your hosted spec URL:
    ```
-   https://<your-railway-domain>/openapi.yaml
+   https://thumbgate-production.up.railway.app/openapi.yaml
    ```
    Or click **Upload file** and select:
    ```
@@ -34,13 +87,15 @@ In the Actions panel:
 2. **Auth type**: Bearer
 3. **API Key**: paste your `THUMBGATE_API_KEY` value
 
+This is an owner setup field. Do not ask regular GPT users to provide an API key.
+
 ## Step 4 — Update the Server URL
 
 In the imported spec, confirm the `servers.url` points to your deployed API:
 
 ```yaml
 servers:
-  - url: https://<your-railway-domain>
+  - url: https://thumbgate-production.up.railway.app
 ```
 
 If you uploaded the file, edit the server URL in the GPT Actions editor.

package/bin/cli.js

@@ -1506,6 +1506,7 @@ function help() {
   console.log('  capture [flags]       Capture feedback (--feedback=up|down --context="..." --tags="...")');
   console.log('  stats                 Show feedback analytics + Revenue-at-Risk');
   console.log('  cfo                   Show hosted billing summary when configured, else local fallback JSON');
+  console.log('  billing:setup         Generate operator key + print Railway setup instructions');
   console.log('  repair-github-marketplace  Dry-run or apply legacy GitHub Marketplace amount repairs (--write)');
   console.log('  north-star            Show proof-backed workflow-run progress toward the North Star');
   console.log('  summary               Human-readable feedback summary');
@@ -1612,6 +1613,9 @@ switch (COMMAND) {
   case 'revenue':
     cfo();
     break;
+  case 'billing:setup':
+    require(path.join(PKG_ROOT, 'scripts', 'billing-setup'));
+    break;
   case 'repair-github-marketplace':
     repairGithubMarketplace();
     break;

package/config/github-about.json

@@ -3,7 +3,7 @@
   "repositoryUrl": "https://github.com/IgorGanapolsky/ThumbGate",
   "homepageUrl": "https://thumbgate-production.up.railway.app",
   "githubDescription": "CLI-first agent governance for AI coding workflows: pre-action gates, shared lessons, and team safeguards that stop repeated agent mistakes.",
-  "metaDescription": "CLI-first agent governance for teams shipping AI-generated changes. 👎 Thumbs down distills history-aware lessons from up to 8 prior entries and stays linked to a 60-second feedback session. 👍 Thumbs up reinforces safe patterns. Pre-action gates, workflow governance, shared lessons and org visibility, release confidence, and isolated execution guidance turn vibe coding mistakes into shared enforcement and proof-ready rollout.",
+  "metaDescription": "CLI-first agent governance for teams shipping AI-generated changes. \ud83d\udc4e Thumbs down distills history-aware lessons from up to 8 prior entries and stays linked to a 60-second feedback session. \ud83d\udc4d Thumbs up reinforces safe patterns. Pre-action gates, workflow governance, shared lessons and org visibility, release confidence, and isolated execution guidance turn vibe coding mistakes into shared enforcement and proof-ready rollout.",
   "topics": [
     "thumbgate",
     "pre-action-gates",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "description": "ThumbGate: self-improving agent governance for engineering teams. Three-tier approval routing (block/approve/log), shared enforcement, CI gates, and audit trails. Every mistake becomes a prevention rule. PreToolUse hooks, Thompson Sampling, SQLite+FTS5 lesson DB, and LanceDB vector search.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -37,6 +37,7 @@
     "changeset:status": "changeset status",
     "changeset:check": "node scripts/changeset-check.js",
     "build:claude-mcpb": "node scripts/build-claude-mcpb.js",
+    "build:claude-review-zip": "node scripts/build-claude-mcpb.js --review-zip",
     "build:codex-plugin": "node scripts/build-codex-plugin.js",
     "verify:quick": "node scripts/verify-run.js quick",
     "verify:full": "node scripts/verify-run.js full",
@@ -71,7 +72,7 @@
     "social:post-everywhere:dry": "node scripts/post-everywhere.js --dry-run",
     "social:reply-monitor": "node scripts/social-reply-monitor.js",
     "social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
-    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:lesson-retrieval && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:seo-guides",
+    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:lesson-retrieval && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:seo-guides && npm run test:enforcement-loop",
     "test:feedback-fallback": "node --test tests/feedback-fallback.test.js",
     "test:metaclaw": "node --test tests/metaclaw-features.test.js",
     "test:server-lock": "node --test tests/server-stdio-lock.test.js",
@@ -92,6 +93,7 @@
     "test:memory-firewall": "node --test tests/memory-firewall.test.js",
     "test:belief-update": "node --test tests/belief-update.test.js",
     "test:hosted-config": "node --test tests/hosted-config.test.js",
+    "test:operational-summary": "node --test tests/operational-summary.test.js",
     "test:cloudflare-sandbox": "node --test tests/cloudflare-dynamic-sandbox.test.js tests/cloudflare-sandbox-api.test.js",
     "test:mcp-config": "node --test tests/mcp-config.test.js",
     "test:plan-gate": "node --test tests/plan-gate.test.js",
@@ -132,13 +134,13 @@
     "test:training-export": "node --test tests/training-export.test.js tests/databricks-export.test.js",
     "test:deployment": "node --test tests/deployment.test.js tests/deploy-policy.test.js tests/publish-decision.test.js tests/changeset-check.test.js tests/sonarcloud-workflow.test.js",
     "test:operational-integrity": "node --test tests/operational-integrity.test.js tests/sync-branch-protection.test.js",
-    "test:workflow": "node --test tests/workflow-contract.test.js tests/social-marketing-assets.test.js tests/social-pipeline.test.js tests/positioning-contract.test.js tests/docs-claim-hygiene.test.js tests/workflow-runs.test.js tests/workflow-sprint-intake.test.js tests/gtm-revenue-loop.test.js tests/enterprise-story.test.js",
+    "test:workflow": "node --test tests/workflow-contract.test.js tests/social-marketing-assets.test.js tests/social-pipeline.test.js tests/positioning-contract.test.js tests/docs-claim-hygiene.test.js tests/workflow-runs.test.js tests/workflow-sprint-intake.test.js tests/gtm-revenue-loop.test.js tests/enterprise-story.test.js tests/ralph-loop.test.js",
     "test:billing": "node --test tests/billing.test.js",
     "test:cli": "node --test tests/analytics-report.test.js tests/creator-campaigns.test.js tests/cli.test.js tests/codex-bridge-script.test.js tests/dispatch-brief.test.js tests/feedback-normalize.test.js tests/install-mcp.test.js tests/pr-manager.test.js tests/pro-local-dashboard.test.js tests/published-cli.test.js tests/revenue-status.test.js",
     "test:evolution": "node --test tests/workspace-evolver.test.js",
     "test:watcher": "node --test tests/jsonl-watcher.test.js",
     "test:autoresearch": "node --test tests/autoresearch.test.js",
-    "test:ops": "node --test tests/adk-consolidator.test.js tests/anthropic-partner-strategy.test.js tests/auto-promote-gates.test.js tests/auto-wire-hooks.test.js tests/claude-skill.test.js tests/codegraph-context.test.js tests/commercial-signals.test.js tests/decision-journal.test.js tests/delegation-runtime.test.js tests/disagreement-mining.test.js tests/failure-diagnostics.test.js tests/gate-stats.test.js tests/github-billing.test.js tests/intervention-policy.test.js tests/markdown-escape.test.js tests/mcp-tools-gates.test.js tests/project-bayes-e2e.test.js tests/project-bayes.test.js tests/rate-limiter.test.js tests/schedule-manager.test.js tests/session-handoff.test.js tests/skill-generator.test.js tests/smart-learning.test.js tests/spike-and-sink.test.js tests/stripe-webhook-route.test.js tests/train-from-feedback.test.js tests/workflow-hardening-sprint.test.js tests/workflow-sentinel.test.js tests/test-suite-parity.test.js tests/a2ui-engine.test.js tests/webhook-delivery.test.js",
+    "test:ops": "node --test tests/adk-consolidator.test.js tests/anthropic-partner-strategy.test.js tests/auto-promote-gates.test.js tests/auto-wire-hooks.test.js tests/claude-skill.test.js tests/codegraph-context.test.js tests/commercial-signals.test.js tests/decision-journal.test.js tests/delegation-runtime.test.js tests/disagreement-mining.test.js tests/failure-diagnostics.test.js tests/gate-stats.test.js tests/github-billing.test.js tests/intervention-policy.test.js tests/markdown-escape.test.js tests/mcp-tools-gates.test.js tests/project-bayes-e2e.test.js tests/project-bayes.test.js tests/rate-limiter.test.js tests/schedule-manager.test.js tests/session-handoff.test.js tests/skill-generator.test.js tests/smart-learning.test.js tests/spike-and-sink.test.js tests/stripe-webhook-route.test.js tests/stripe-webhook-rotation.test.js tests/train-from-feedback.test.js tests/workflow-hardening-sprint.test.js tests/workflow-sentinel.test.js tests/test-suite-parity.test.js tests/a2ui-engine.test.js tests/webhook-delivery.test.js",
     "test:tessl": "node --test tests/tessl-export.test.js",
     "test:gates": "node --test tests/gate-templates.test.js tests/gates-engine.test.js tests/claim-verification.test.js tests/secret-scanner.test.js tests/prompt-guard.test.js tests/audit-trail.test.js tests/profile-router.test.js tests/workflow-sentinel.test.js tests/docker-sandbox-planner.test.js",
     "test:budget": "node --test tests/budget-enforcer.test.js",
@@ -248,6 +250,7 @@
     "test:sync-launch-assets": "node --test tests/sync-launch-assets.test.js",
     "test:reddit-publisher": "node --test tests/reddit-publisher.test.js",
     "test:engagement-audit": "node --test tests/engagement-audit.test.js",
+    "test:enforcement-loop": "node --test tests/enforcement-loop-fixes.test.js",
     "test:ai-search-visibility": "node --test tests/ai-search-visibility.test.js",
     "test:security-scanner": "node --test tests/security-scanner.test.js",
     "test:llm-client": "node --test tests/llm-client.test.js",
@@ -340,6 +343,7 @@
   "devDependencies": {
     "@changesets/changelog-github": "^0.5.1",
     "@changesets/cli": "^2.30.0",
-    "c8": "^11.0.0"
+    "c8": "^11.0.0",
+    "undici": "^8.0.2"
   }
 }

package/public/index.html

@@ -19,9 +19,9 @@
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 __GOOGLE_SITE_VERIFICATION_META__
-<title>ThumbGate — Agent governance for AI coding workflows</title>
+<title>ThumbGate — Your AI agent just made that mistake again. One thumbs-down. It never happens again.</title>
 <meta name="description" content="CLI-first agent governance for teams shipping AI-generated changes. 👎 Thumbs down distills history-aware lessons from up to 8 prior entries and stays linked to a 60-second feedback session. 👍 Thumbs up reinforces safe patterns. Pre-action gates, workflow governance, shared lessons and org visibility, release confidence, and isolated execution guidance turn vibe coding mistakes into shared enforcement and proof-ready rollout.">
-<meta property="og:title" content="ThumbGate — Agent governance for AI coding workflows">
+<meta property="og:title" content="ThumbGate — Your AI agent just made that mistake again. One thumbs-down. It never happens again.">
 <meta property="og:description" content="CLI-first agent governance for teams shipping AI-generated changes. 👎 Thumbs down distills history-aware lessons from up to 8 prior entries and stays linked to a 60-second feedback session. 👍 Thumbs up reinforces safe patterns. Pre-action gates, workflow governance, shared lessons and org visibility, release confidence, and isolated execution guidance turn vibe coding mistakes into shared enforcement and proof-ready rollout.">
 <meta property="og:type" content="website">
 <meta name="keywords" content="ThumbGate, thumbgate, agent governance, AI coding workflow governance, workflow hardening sprint, pre-action gates, CLI-first agent safety, Claude Code, Cursor, Codex, Gemini, Amp, OpenCode, approval policies, audit trail, release confidence, Docker Sandboxes, feedback enforcement, context engineering, AI authenticity, prevent AI slop, human-led AI, AI agent standards enforcement, brand authenticity AI">
@@ -425,6 +425,14 @@ __GA_BOOTSTRAP__
     .proof-bar .dot { display: none; }
   }
 </style>
+  <!-- PostHog Analytics -->
+  <script>
+    !function(t,e){var o,n,p,r;e.__SV||(window.posthog=e,e._i=[],e.init=function(i,s,a){function g(t,e){var o=e.split(".");2==o.length&&(t=t[o[0]],e=o[1]),t[e]=function(){t.push([e].concat(Array.prototype.slice.call(arguments,0)))}}(p=t.createElement("script")).type="text/javascript",p.crossOrigin="anonymous",p.async=!0,p.src=s.api_host.replace(".i.posthog.com","-assets.i.posthog.com")+"/static/array.js",(r=t.getElementsByTagName("script")[0]).parentNode.insertBefore(p,r);var u=e;for(void 0!==a?u=e[a]=[]:a=u._i.push([i,s,a]),u._i.push([i,s,a]),u.init=function(t,e,i){g(u,"capture"),u.push(["init",t,e,i])},u.capture=function(t,e,i,o){u.push(["capture",t,e,i,o])},u.identify=function(t,e,i){u.push(["identify",t,e,i])},u.alias=function(t,e){u.push(["alias",t,e])},u.people={set:function(t,e,i){u.push(["people.set",t,e,i])}},u.featureFlags={},u.onFeatureFlags=function(t){u.push(["onFeatureFlags",t])},u.toString=function(t){var e="posthog";return a&&a!==e&&(e+="."+a),t||(e+=" (stub)"),e},u.people.set_once=function(t,e,i){u.push(["people.set_once",t,e,i])},u.group=function(t,e,i){u.push(["group",t,e,i])},u.setPersonPropertiesForFlags=function(t){u.push(["setPersonPropertiesForFlags",t])},u.resetGroupPropertiesForFlags=function(t){u.push(["resetGroupPropertiesForFlags",t])},u.setGroupPropertiesForFlags=function(t){u.push(["setGroupPropertiesForFlags",t])},u.reloadFeatureFlags=function(){u.push(["reloadFeatureFlags"])},u.capture=function(t,e,i,o){u.push(["capture",t,e,i,o])},u.identify=function(t,e,i){u.push(["identify",t,e,i])},0===t.indexOf(".")){var s=t.substring(1);u=e[s]=[],u._i=[]}e._i.push([i,s,a])},e.__SV=1)}(document,window.posthog||[]);
+  posthog.init('__POSTHOG_API_KEY__', {
+    api_host: 'https://us.i.posthog.com',
+    person_profiles: 'identified_only',
+  });
+  </script>
 </head>
 <body>
 
@@ -443,7 +451,7 @@ __GA_BOOTSTRAP__
       <a href="/learn">Learn</a>
       <a href="/compare">Compare</a>
       <a href="/dashboard">Dashboard Demo</a>
-      <a href="#workflow-sprint-intake" class="nav-cta">Start Sprint</a>
+      <a href="#workflow-sprint-intake" onclick="posthog.capture('workflow_sprint')" class="nav-cta">Start Sprint</a>
     </div>
   </div>
 </nav>
@@ -452,31 +460,38 @@ __GA_BOOTSTRAP__
 <section class="hero">
   <div class="container">
     <div class="hero-thumbs">👍👎</div>
-    <div class="hero-badge">● Workflow Hardening Sprint for teams shipping AI-generated changes</div>
-    <h1>Make one AI workflow<br>safe enough to ship team-wide.</h1>
+    <div class="hero-badge">● Your AI agent just made that mistake again</div>
+    <h1>Your AI agent just made<br>that mistake again.<br><span style="color:var(--cyan)">One thumbs-down.<br>It never happens again.</span></h1>
+    <p style="font-size:18px;color:var(--text-muted);max-width:560px;margin:0 auto 20px;line-height:1.6;">Session 1: your agent force-pushes, skips tests, or runs a DROP on prod.<br>You give it a 👎.<br><strong style="color:var(--text)">Session 2: gate fires. Action blocked before execution.</strong></p>
     <div class="hero-signals">
       <div class="signal-pill signal-down">👎 Repeated failure becomes enforcement before the next run</div>
-      <div class="signal-pill signal-up">👍 Safe pattern reinforced across the shared workflow</div>
-      <div class="signal-pill">🛡️ Human judgment gates every AI action — your standards, not AI slop</div>
-    </div>
-    <p class="hero-persona">For consultancies, platform teams, and AI product teams with one workflow owner, one repeated failure, and one buyer who needs proof before a wider rollout.</p>
-    <p><strong>Best first paid motion:</strong> start with one repo, one workflow, and one repeat failure. ThumbGate turns the blocker into enforcement, routes risky runs toward isolated execution, and gives the buyer a proof-ready story around shared memory, approval boundaries, release confidence, and auditability.</p>
-    <div class="hero-actions">
-      <a href="#workflow-sprint-intake" class="btn-team">Start Workflow Hardening Sprint</a>
-      <a href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip" class="btn-install-link" target="_blank" rel="noopener">Install Codex plugin</a>
-      <a href="/guide?utm_source=website&utm_medium=homepage_hero&utm_campaign=install_free" class="btn-pro-page btn-install-link">Install Free CLI</a>
-      <a href="/dashboard?utm_source=website&utm_medium=homepage_hero&utm_campaign=demo" class="btn-demo-link">Open dashboard demo</a>
+      <div class="signal-pill signal-up">✅ Safe pattern reinforced across the shared workflow</div>
+      <div class="signal-pill">🔁 Works with Claude Code · Cursor · Codex · Gemini · Amp</div>
     </div>
-    <p class="hero-paid-note"><strong>Running Codex?</strong> Download the published plugin bundle or open the <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/plugins/codex-profile/INSTALL.md" target="_blank" rel="noopener">Codex install guide</a> for the repo-local profile and MCP path.</p>
-    <p class="hero-paid-note"><strong>Start free as an individual.</strong> Pro stays the self-serve lane for personal dashboard and DPO export. Team pricing anchors at <strong>$99/seat/mo with a 3-seat minimum</strong>, but the team path starts intake-first with the Workflow Hardening Sprint so buyers see proof before a wider rollout.</p>
-    <div class="hero-install" onclick="copyInstall(this)" title="Click to copy">
-      <span class="prompt">$</span>
-      <span class="cmd">npx thumbgate init</span>
-      <span class="copy-hint">click to copy</span>
+    <p class="hero-persona" style="display:none">For consultancies, platform teams, and AI product teams with one workflow owner, one repeated failure, and one buyer who needs proof before a wider rollout.</p>
+    <div class="hero-actions" style="margin-top:32px;">
+      <div class="hero-install" onclick="copyInstall(this)" title="Click to copy" style="margin-bottom:0;">
+        <span class="prompt">$</span>
+        <span class="cmd">npx thumbgate init</span>
+        <span class="copy-hint">click to copy</span>
+      </div>
+      <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener" class="btn-free" style="display:inline-flex;align-items:center;gap:6px;padding:11px 20px;border-radius:999px;">⭐ Star on GitHub</a>
+      <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/adapters/chatgpt/INSTALL.md" class="btn-install-link" target="_blank" rel="noopener" style="font-size:13px;color:var(--text-muted);text-decoration:none;padding:8px 14px;">Use in ChatGPT →</a>
+      <a href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip" class="btn-install-link" target="_blank" rel="noopener" style="font-size:13px;color:var(--text-muted);text-decoration:none;padding:8px 14px;">Install Codex plugin →</a>
     </div>
+    <p style="font-size:13px;color:var(--text-muted);margin:16px auto 0;max-width:480px;">Free to install. No cloud account needed. Works in 30 seconds.</p>
+    <p style="font-size:13px;color:var(--text-muted);margin:8px auto 28px;max-width:480px;">Team plan is intake-first — one workflow, one repeat failure, proof before wider rollout. Stop vibe coding mistakes from repeating. <a href="#pricing" style="color:var(--cyan);text-decoration:none;">See pricing →</a></p>
     <div class="proof-bar">
       <a href="/guide" rel="noopener">CLI-first setup guide →</a>
       <span class="dot"></span>
+      <a href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-claude-desktop.mcpb" target="_blank" rel="noopener">Claude plugin bundle →</a>
+      <span class="dot"></span>
+      <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/docs/CLAUDE_DESKTOP_EXTENSION.md" target="_blank" rel="noopener">Claude submission packet →</a>
+      <span class="dot"></span>
+      <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/.claude-plugin/README.md" target="_blank" rel="noopener">Claude marketplace install →</a>
+      <span class="dot"></span>
+      <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/adapters/chatgpt/INSTALL.md" target="_blank" rel="noopener">ChatGPT GPT Actions →</a>
+      <span class="dot"></span>
       <a href="https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip" target="_blank" rel="noopener">Codex plugin download →</a>
       <span class="dot"></span>
       <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/docs/VERIFICATION_EVIDENCE.md" target="_blank" rel="noopener">Verification evidence →</a>
@@ -515,9 +530,14 @@ __GA_BOOTSTRAP__
         <p>Codex ships with a published standalone ThumbGate plugin bundle plus a repo-local plugin profile. Download the zip, extract it, and install without wiring MCP by hand.</p>
         <div class="card-arrow">Get the Codex plugin →</div>
       </a>
+      <a class="compat-card" href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/adapters/chatgpt/INSTALL.md" target="_blank" rel="noopener">
+        <h3>💬 ChatGPT GPT Actions</h3>
+        <p>Regular users reply with 👍/👎 or "thumbs up/down" on ChatGPT answers, save the lesson, prevent repeated bad answers, and reinforce the answer patterns that worked.</p>
+        <div class="card-arrow">Use in ChatGPT →</div>
+      </a>
       <a class="compat-card" href="/guides/claude-desktop">
         <h3>🧩 Claude Desktop plugin</h3>
-        <p>One command install. No build step, no cloud account. Grab the <code>.mcpb</code> bundle or run <code>npx thumbgate init --claude-desktop</code>.</p>
+        <p>Install the published <code>.mcpb</code> bundle today, point buyers at the submission packet, and let Claude Code users add the repo marketplace while the official directory review is still pending.</p>
         <div class="card-arrow">Get the Claude plugin →</div>
       </a>
       <a class="compat-card" href="https://github.com/IgorGanapolsky/ThumbGate/tree/main/plugins" target="_blank" rel="noopener">
@@ -759,10 +779,11 @@ __GA_BOOTSTRAP__
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate", "thumbgate", "serve"]
     }
   }
 }</pre>
+    <p style="color: #8b949e; max-width: 760px; margin: 16px auto 0;">Official directory review is separate. Claude Code users can install immediately with <code>/plugin marketplace add IgorGanapolsky/ThumbGate</code> and <code>/plugin install thumbgate@thumbgate-marketplace</code>.</p>
   </div>
 </section>
 

package/scripts/auto-promote-gates.js

@@ -6,8 +6,8 @@ const path = require('path');
 const { resolveFeedbackDir } = require('./feedback-paths');
 
 const MAX_AUTO_GATES = 10;
-const WARN_THRESHOLD = 3; // 3+ repeated failures surface a warning gate
-const BLOCK_THRESHOLD = 5; // 5+ repeated failures hard-block the action
+const WARN_THRESHOLD = 2; // 2+ repeated failures surface a warning gate
+const BLOCK_THRESHOLD = 3; // 3+ repeated failures hard-block the action
 const WINDOW_DAYS = 30;
 
 const NEG_SIGNALS = new Set(['negative', 'negative_strong', 'down', 'thumbs_down']);
@@ -20,8 +20,10 @@ function getFeedbackLogPath() {
   const localClaude = path.join(process.cwd(), '.claude', 'memory', 'feedback', 'feedback-log.jsonl');
   if (fs.existsSync(localFallback)) return localFallback;
   if (fs.existsSync(localClaude)) return localClaude;
+  // Fall back to resolveFeedbackDir() for proper home-dir resolution
+  const resolved = path.join(resolveFeedbackDir(), 'feedback-log.jsonl');
+  if (fs.existsSync(resolved)) return resolved;
   return localFallback; // default even if doesn't exist
-  return path.join(resolveFeedbackDir(), 'feedback-log.jsonl');
 }
 
 function getAutoGatesPath() {

package/scripts/billing-setup.js

@@ -0,0 +1,109 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * billing-setup.js — Wire up hosted billing for the CFO dashboard
+ *
+ * Generates a THUMBGATE_OPERATOR_KEY and stores it locally so that
+ * `node bin/cli.js cfo --today` pulls live revenue from the production server.
+ *
+ * Usage:
+ *   node scripts/billing-setup.js
+ *
+ * After running, set the printed key on Railway:
+ *   railway variables set THUMBGATE_OPERATOR_KEY=<key>
+ * Then redeploy (or let Railway auto-deploy).
+ */
+
+const crypto = require('node:crypto');
+const fs = require('node:fs');
+const path = require('node:path');
+const os = require('node:os');
+
+const LOCAL_CONFIG_PATH = path.join(os.homedir(), '.config', 'thumbgate', 'operator.json');
+const PROD_URL = 'https://thumbgate-production.up.railway.app';
+
+function generateOperatorKey() {
+  return `tg_op_${crypto.randomBytes(20).toString('hex')}`;
+}
+
+function loadExistingConfig() {
+  try {
+    const raw = fs.readFileSync(LOCAL_CONFIG_PATH, 'utf8');
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+
+function saveConfig(config) {
+  const dir = path.dirname(LOCAL_CONFIG_PATH);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(LOCAL_CONFIG_PATH, JSON.stringify(config, null, 2) + '\n', { mode: 0o600 });
+}
+
+async function verifyEndpoint(baseUrl, key) {
+  try {
+    const url = new URL('/v1/billing/summary?window=today', baseUrl);
+    const res = await fetch(url, {
+      method: 'GET',
+      headers: { authorization: `Bearer ${key}`, accept: 'application/json' },
+    });
+    return { status: res.status, ok: res.ok };
+  } catch (err) {
+    return { status: null, ok: false, error: err.message };
+  }
+}
+
+async function main() {
+  const existing = loadExistingConfig();
+
+  if (existing && existing.operatorKey && existing.baseUrl) {
+    console.log('\n✓ Operator config already exists at', LOCAL_CONFIG_PATH);
+    console.log('  Base URL    :', existing.baseUrl);
+    console.log('  Operator key:', existing.operatorKey);
+    console.log('\nTo regenerate, delete the file and re-run this script.');
+
+    // Set env for this process so the verify check works
+    process.env.THUMBGATE_OPERATOR_KEY = existing.operatorKey;
+    process.env.THUMBGATE_BILLING_API_BASE_URL = existing.baseUrl;
+
+    const check = await verifyEndpoint(existing.baseUrl, existing.operatorKey);
+    if (check.ok) {
+      console.log('\n✓ Production endpoint responds OK — hosted billing is active.');
+    } else if (check.status === 403) {
+      console.log('\n⚠ Production endpoint returned 403 — the operator key is not yet set on Railway.');
+      console.log('\nSet it now:\n');
+      console.log(`  railway variables set THUMBGATE_OPERATOR_KEY=${existing.operatorKey}`);
+      console.log('\nThen redeploy (Railway will pick it up automatically).');
+    } else {
+      console.log(`\n⚠ Endpoint check returned status ${check.status || 'error'}: ${check.error || ''}`);
+    }
+    return;
+  }
+
+  const key = generateOperatorKey();
+  const config = {
+    operatorKey: key,
+    baseUrl: process.env.THUMBGATE_BILLING_API_BASE_URL || PROD_URL,
+    createdAt: new Date().toISOString(),
+  };
+
+  saveConfig(config);
+
+  console.log('\n✓ Operator key generated and saved to', LOCAL_CONFIG_PATH);
+  console.log('\n──────────────────────────────────────────────────────');
+  console.log('  THUMBGATE_OPERATOR_KEY =', key);
+  console.log('──────────────────────────────────────────────────────');
+  console.log('\nSet this key on Railway (one-time):');
+  console.log('\n  railway variables set THUMBGATE_OPERATOR_KEY=' + key);
+  console.log('\nOr paste it into the Railway dashboard under Variables.');
+  console.log('\nAfter Railway redeploys, run:\n');
+  console.log('  node bin/cli.js cfo --today\n');
+  console.log('The CFO dashboard will use live production billing data.');
+}
+
+main().catch((err) => {
+  console.error('billing-setup error:', err.message);
+  process.exit(1);
+});

package/scripts/build-claude-mcpb.js

@@ -5,6 +5,7 @@ const fs = require('fs');
 const path = require('path');
 const { execFileSync } = require('child_process');
 const {
+  getClaudePluginReviewVersionedAssetName,
   getClaudePluginVersionedAssetName,
 } = require('./distribution-surfaces');
 
@@ -27,6 +28,14 @@ const RUNTIME_COPY_PATHS = [
   'SECURITY.md',
   'server.json',
 ];
+const REVIEW_PACKET_COPY_PATHS = [
+  '.claude-plugin',
+  'docs/CLAUDE_DESKTOP_EXTENSION.md',
+  'README.md',
+  'LICENSE',
+  'SECURITY.md',
+  'server.json',
+];
 
 function readJson(relativePath) {
   return JSON.parse(fs.readFileSync(path.join(PROJECT_ROOT, relativePath), 'utf8'));
@@ -173,17 +182,74 @@ function buildClaudeMcpb(outputDir = DEFAULT_OUTPUT_DIR) {
   };
 }
 
-if (require.main === module) {
-  const outputDir = process.argv[2]
-    ? path.resolve(process.cwd(), process.argv[2])
+function buildClaudeReviewZip(outputDir = DEFAULT_OUTPUT_DIR) {
+  const packageJson = readJson('package.json');
+  const reviewRoot = path.join(outputDir, 'review');
+  const reviewDirName = 'thumbgate-claude-plugin-review';
+  const stageDir = path.join(reviewRoot, reviewDirName);
+  const outputFile = path.join(outputDir, getClaudePluginReviewVersionedAssetName(packageJson.version));
+
+  fs.rmSync(reviewRoot, { recursive: true, force: true });
+  fs.mkdirSync(stageDir, { recursive: true });
+
+  for (const relativePath of REVIEW_PACKET_COPY_PATHS) {
+    copyEntry(relativePath, stageDir);
+  }
+
+  fs.rmSync(outputFile, { force: true });
+  exec('zip', ['-qr', outputFile, reviewDirName], { cwd: reviewRoot });
+
+  return {
+    stageDir,
+    outputFile,
+  };
+}
+
+function resolveBuildRequest(args = [], cwd = process.cwd()) {
+  const mode = args.includes('--review-zip')
+    ? 'review-zip'
+    : args.includes('--all')
+      ? 'all'
+      : 'mcpb';
+  const outputArg = args.find((arg) => !arg.startsWith('--'));
+  const outputDir = outputArg
+    ? path.resolve(cwd, outputArg)
     : DEFAULT_OUTPUT_DIR;
-  const { outputFile } = buildClaudeMcpb(outputDir);
-  console.log(`Built Claude Desktop bundle: ${outputFile}`);
+
+  return { mode, outputDir };
+}
+
+function runBuildRequest({ mode, outputDir }, deps = { buildClaudeMcpb, buildClaudeReviewZip }) {
+  if (mode === 'review-zip') {
+    const { outputFile } = deps.buildClaudeReviewZip(outputDir);
+    return [`Built Claude plugin review zip: ${outputFile}`];
+  }
+
+  if (mode === 'all') {
+    const { outputFile } = deps.buildClaudeMcpb(outputDir);
+    const { outputFile: reviewOutputFile } = deps.buildClaudeReviewZip(outputDir);
+    return [
+      `Built Claude Desktop bundle: ${outputFile}`,
+      `Built Claude plugin review zip: ${reviewOutputFile}`,
+    ];
+  }
+
+  const { outputFile } = deps.buildClaudeMcpb(outputDir);
+  return [`Built Claude Desktop bundle: ${outputFile}`];
+}
+
+if (require.main === module) {
+  for (const line of runBuildRequest(resolveBuildRequest(process.argv.slice(2)))) {
+    console.log(line);
+  }
 }
 
 module.exports = {
   DEFAULT_OUTPUT_DIR,
   buildClaudeMcpbManifest,
+  buildClaudeReviewZip,
   stageClaudeMcpbBundle,
   buildClaudeMcpb,
+  resolveBuildRequest,
+  runBuildRequest,
 };