thumbgate 1.5.8 → 1.7.0

package/src/api/server.js

@@ -152,6 +152,9 @@ const {
 } = require('../../scripts/decision-journal');
 const {
   generateDashboard,
+  buildReviewSnapshot,
+  readDashboardReviewState,
+  writeDashboardReviewState,
 } = require('../../scripts/dashboard');
 const {
   buildDashboardRenderSpec,
@@ -216,6 +219,7 @@ const PRO_PAGE_PATH = path.resolve(__dirname, '../../public/pro.html');
 const DASHBOARD_PAGE_PATH = path.resolve(__dirname, '../../public/dashboard.html');
 const LESSONS_PAGE_PATH = path.resolve(__dirname, '../../public/lessons.html');
 const GUIDE_PAGE_PATH = path.resolve(__dirname, '../../public/guide.html');
+const CODEX_PLUGIN_PAGE_PATH = path.resolve(__dirname, '../../public/codex-plugin.html');
 const COMPARE_PAGE_PATH = path.resolve(__dirname, '../../public/compare.html');
 const LEARN_PAGE_PATH = path.resolve(__dirname, '../../public/learn.html');
 const LEARN_DIR = path.resolve(__dirname, '../../public/learn');
@@ -1703,7 +1707,8 @@ body { font-family: var(--font); background: var(--bg); color: var(--text); line
 .container { max-width: 860px; margin: 0 auto; padding: 0 24px; }
 nav { position: sticky; top: 0; z-index: 50; background: rgba(10,10,11,0.85); backdrop-filter: blur(12px); border-bottom: 1px solid var(--border); padding: 14px 0; }
 nav .container { display: flex; justify-content: space-between; align-items: center; }
-.nav-logo { font-weight: 700; font-size: 15px; color: var(--text); text-decoration: none; }
+.nav-logo { font-weight: 700; font-size: 15px; color: var(--text); text-decoration: none; display: inline-flex; align-items: center; gap: 8px; }
+.nav-logo .logo-mark { width: 28px; height: 28px; display: block; }
 .nav-links { display: flex; gap: 16px; align-items: center; }
 .nav-links a { color: var(--text-muted); text-decoration: none; font-size: 13px; }
 .nav-links a:hover { color: var(--text); }
@@ -1748,7 +1753,7 @@ nav .container { display: flex; justify-content: space-between; align-items: cen
 </head>
 <body>
 <nav><div class="container">
-  <a href="/dashboard" class="nav-logo">👍👎 ThumbGate</a>
+  <a href="/dashboard" class="nav-logo"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
   <div class="nav-links">
     <a href="/dashboard">Dashboard</a>
     <a href="/lessons">Lessons</a>
@@ -1900,6 +1905,7 @@ function renderSitemapXml(runtimeConfig) {
     // so search engines don't chase the 301 instead of indexing the canonical
     // homepage directly.
     { path: '/llm-context.md', changefreq: 'weekly', priority: '0.8' },
+    { path: '/codex-plugin', changefreq: 'weekly', priority: '0.75' },
     ...THUMBGATE_SEO_SITEMAP_ENTRIES,
   ];
   return [
@@ -2022,6 +2028,7 @@ function renderCheckoutSuccessPage(runtimeConfig) {
       --accent-dark: #8f451f;
       --card: #fffdf9;
       --success: #2f7d4b;
+      --warning: #8f451f;
       --radius: 14px;
     }
     * { box-sizing: border-box; }
@@ -2073,6 +2080,15 @@ function renderCheckoutSuccessPage(runtimeConfig) {
       font-weight: 700;
       margin-bottom: 8px;
     }
+    .email-status {
+      color: var(--muted);
+      font-size: 14px;
+      margin-top: 10px;
+    }
+    .email-status.warning {
+      color: var(--warning);
+      font-weight: 700;
+    }
     pre {
       white-space: pre-wrap;
       word-break: break-word;
@@ -2108,11 +2124,26 @@ function renderCheckoutSuccessPage(runtimeConfig) {
       color: var(--muted);
       font-size: 14px;
     }
+    .brand-header {
+      display: flex;
+      align-items: center;
+      gap: 10px;
+      margin-bottom: 28px;
+      text-decoration: none;
+      color: var(--ink);
+      font-weight: 700;
+      font-size: 16px;
+      letter-spacing: -0.01em;
+    }
+    .brand-header .logo-mark { width: 32px; height: 32px; display: block; }
   </style>
+  <link rel="icon" type="image/png" href="/thumbgate-icon.png">
+  <link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg">
 <script defer data-domain="thumbgate-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
 </head>
 <body>
   <main>
+    <a href="/" class="brand-header"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="32" height="32"><span class="logo-text">ThumbGate</span></a>
     <span class="eyebrow">ThumbGate Pro</span>
     <h1>Your local Pro dashboard is ready.</h1>
     <p class="lead">This page verifies your Stripe session, provisions the key if needed, and gives you the exact command to save your license and launch your personal local dashboard.</p>
@@ -2120,6 +2151,7 @@ function renderCheckoutSuccessPage(runtimeConfig) {
     <div class="card">
       <div class="status" id="status">Verifying payment and provisioning your key...</div>
       <p class="muted" id="summary">Do not close this tab until the key appears.</p>
+      <p class="email-status" id="email-status">Activation email pending checkout verification.</p>
       <pre id="key-block">Waiting for checkout session...</pre>
     </div>
 
@@ -2131,11 +2163,26 @@ function renderCheckoutSuccessPage(runtimeConfig) {
     </div>
 
     <div class="card">
-      <h2>Hosted API setup (optional)</h2>
+      <h2>Use ThumbGate from CI, teammates, and remote agents (optional)</h2>
+      <p>The Hosted API lets anything that can make an HTTP request &mdash; CI jobs, GitHub Actions, teammates' laptops, scheduled cron, or agents running in Docker or Lambda &mdash; push feedback into the same memory pool your local dashboard already reads from.</p>
+
+      <p><strong>When you need this:</strong></p>
+      <ul>
+        <li>You run agents in CI/CD, GitHub Actions, or Docker containers and want their failures captured automatically.</li>
+        <li>Your team wants shared memory &mdash; every teammate's thumbs-down feeds the same prevention rules.</li>
+        <li>You dispatch agents from servers, Lambdas, or scheduled jobs that never touch your laptop.</li>
+      </ul>
+
+      <p><strong>When you can skip this:</strong></p>
+      <ul>
+        <li>You only use ThumbGate from your own laptop &mdash; the local dashboard already handles everything.</li>
+      </ul>
+
+      <p><strong>How to set it up:</strong></p>
       <ol>
-        <li>Copy the environment block below into your workflow runner.</li>
-        <li>Use the curl example to confirm the hosted API captures an event.</li>
-        <li>Keep your key private and rotate by repurchasing or contacting support if needed.</li>
+        <li>Copy the environment block below into your CI or server environment.</li>
+        <li>Use the curl example to confirm the hosted API captures an event end-to-end.</li>
+        <li>Treat the key like any other API secret &mdash; rotate via your billing portal if it leaks.</li>
       </ol>
       <pre id="env-block">Waiting for provisioning...</pre>
       <pre id="curl-block">Waiting for provisioning...</pre>
@@ -2154,6 +2201,7 @@ function renderCheckoutSuccessPage(runtimeConfig) {
     const telemetryEndpoint = '/v1/telemetry/ping';
     const statusEl = document.getElementById('status');
     const summaryEl = document.getElementById('summary');
+    const emailStatusEl = document.getElementById('email-status');
     const keyBlock = document.getElementById('key-block');
     const envBlock = document.getElementById('env-block');
     const curlBlock = document.getElementById('curl-block');
@@ -2271,9 +2319,23 @@ function renderCheckoutSuccessPage(runtimeConfig) {
         sendTelemetryOnce('checkout_paid_confirmed');
         statusEl.textContent = 'ThumbGate Pro activated.';
         const resolvedTraceId = body.traceId || traceId || '';
+        const emailStatus = body.trialEmail || {};
+        const customerEmail = body.customerEmail || (emailStatus && emailStatus.customerEmail) || '';
         summaryEl.textContent = resolvedTraceId
           ? 'Your Pro key is ready. Save it once, launch your local dashboard, and keep the optional hosted snippet for team workflows. Trace: ' + resolvedTraceId + '.'
           : 'Your Pro key is ready. Save it once, launch your local dashboard, and keep the optional hosted snippet for team workflows.';
+        if (emailStatus.status === 'sent' || emailStatus.status === 'already_sent') {
+          emailStatusEl.className = 'email-status';
+          emailStatusEl.textContent = customerEmail
+            ? 'Activation email sent to ' + customerEmail + '.'
+            : 'Activation email sent.';
+        } else if (emailStatus.status === 'skipped' || emailStatus.status === 'failed') {
+          emailStatusEl.className = 'email-status warning';
+          emailStatusEl.textContent = 'Email delivery is not confirmed. Copy the key below now; this page is your activation source of truth.';
+        } else {
+          emailStatusEl.className = 'email-status warning';
+          emailStatusEl.textContent = 'Email delivery status is unknown. Copy the key below now.';
+        }
         keyBlock.textContent = body.apiKey || 'Provisioned, but no key was returned.';
         activateBlock.textContent = body.apiKey
           ? 'npx thumbgate pro --activate --key=' + body.apiKey
@@ -3479,6 +3541,16 @@ async function addContext(){
       return;
     }
 
+    if (isGetLikeRequest && pathname === '/codex-plugin') {
+      try {
+        const html = fs.readFileSync(CODEX_PLUGIN_PAGE_PATH, 'utf-8');
+        sendHtml(res, 200, html, {}, { headOnly: isHeadRequest });
+      } catch {
+        sendJson(res, 404, { error: 'Codex plugin page not found' });
+      }
+      return;
+    }
+
     if (isGetLikeRequest && pathname === '/compare') {
       try {
         const html = fs.readFileSync(COMPARE_PAGE_PATH, 'utf-8');
@@ -3575,6 +3647,7 @@ async function addContext(){
     if (isGetLikeRequest && (
       pathname === '/favicon.ico'
       || pathname === '/thumbgate-logo.png'
+      || pathname === '/thumbgate-icon.png'
       || pathname === '/og.png'
       || pathname === '/apple-touch-icon.png'
     )) {
@@ -3589,7 +3662,7 @@ async function addContext(){
           version: pkg.version,
           status: 'ok',
           docs: 'https://github.com/IgorGanapolsky/ThumbGate',
-          endpoints: ['/health', '/dashboard', '/guide', '/compare', '/learn', '/v1/feedback/capture', '/v1/feedback/stats', '/v1/feedback/summary', '/v1/lessons/search', '/v1/search', '/v1/documents', '/v1/documents/import', '/v1/documents/{documentId}', '/v1/dashboard', '/v1/dashboard/render-spec', '/v1/decisions/evaluate', '/v1/decisions/outcome', '/v1/decisions/metrics', '/v1/settings/status', '/v1/dpo/export', '/v1/jobs', '/v1/jobs/harness', '/v1/analytics/databricks/export'],
+          endpoints: ['/health', '/dashboard', '/guide', '/codex-plugin', '/compare', '/learn', '/v1/feedback/capture', '/v1/feedback/stats', '/v1/feedback/summary', '/v1/lessons/search', '/v1/search', '/v1/documents', '/v1/documents/import', '/v1/documents/{documentId}', '/v1/dashboard', '/v1/dashboard/render-spec', '/v1/decisions/evaluate', '/v1/decisions/outcome', '/v1/decisions/metrics', '/v1/settings/status', '/v1/dpo/export', '/v1/jobs', '/v1/jobs/harness', '/v1/analytics/databricks/export'],
         }, {}, {
           headOnly: isHeadRequest,
         });
@@ -3706,6 +3779,7 @@ async function addContext(){
           installId: bootstrapBody.installId,
           traceId,
           metadata: analyticsMetadata,
+          appOrigin: hostedConfig.appOrigin,
         });
 
         if (result.url) {
@@ -4330,6 +4404,7 @@ async function addContext(){
           installId: body.installId,
           traceId,
           metadata: analyticsMetadata,
+          appOrigin: hostedConfig.appOrigin,
         });
         sendJson(res, 200, {
           ...result,
@@ -5518,6 +5593,36 @@ async function addContext(){
         return;
       }
 
+      // GET /v1/dashboard/review-state -- incremental review baseline and deltas
+      if (req.method === 'GET' && pathname === '/v1/dashboard/review-state') {
+        const reviewState = readDashboardReviewState(requestFeedbackDir);
+        const data = generateDashboard(requestFeedbackDir, {
+          reviewBaseline: reviewState,
+          authContext: { tier: 'pro' },
+        });
+        sendJson(res, 200, {
+          reviewState,
+          reviewDelta: data.reviewDelta,
+        });
+        return;
+      }
+
+      // POST /v1/dashboard/review-state -- mark current dashboard state as reviewed
+      if (req.method === 'POST' && pathname === '/v1/dashboard/review-state') {
+        const snapshot = buildReviewSnapshot(requestFeedbackDir);
+        writeDashboardReviewState(requestFeedbackDir, snapshot);
+        const data = generateDashboard(requestFeedbackDir, {
+          reviewBaseline: snapshot,
+          authContext: { tier: 'pro' },
+        });
+        sendJson(res, 200, {
+          ok: true,
+          reviewState: snapshot,
+          reviewDelta: data.reviewDelta,
+        });
+        return;
+      }
+
       // GET /v1/dashboard/render-spec -- Constrained hosted dashboard JSON spec
       if (req.method === 'GET' && pathname === '/v1/dashboard/render-spec') {
         let summaryOptions;