thumbgate 1.6.0 → 1.7.0

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -13,7 +13,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.6.0",
+      "version": "1.7.0",
       "author": {
         "name": "Igor Ganapolsky"
       },

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "Type 👍 or 👎 on any agent action. ThumbGate captures it, distills a lesson, and blocks the pattern from repeating. One thumbs-down = the agent physically cannot make that mistake again. 33 pre-action gates, budget enforcement, self-protection, and NIST/SOC2 compliance tags.",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "author": {
     "name": "Igor Ganapolsky"
   },

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://github.com/IgorGanapolsky/thumbgate",
   "transport": "stdio",

package/adapters/README.md

@@ -3,7 +3,7 @@
 - `chatgpt/openapi.yaml`: import into GPT Actions.
 - `gemini/function-declarations.json`: Gemini function-calling definitions.
 - `mcp/server-stdio.js`: underlying local MCP stdio server implementation.
-- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.6.0 thumbgate serve`.
+- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.7.0 thumbgate serve`.
 - `codex/config.toml`: example Codex MCP profile section using the same version-pinned portable launcher.
 - `amp/skills/thumbgate-feedback/SKILL.md`: Amp skill template.
 - `opencode/opencode.json`: portable OpenCode MCP profile using the same version-pinned portable launcher.

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.6.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.7.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.6.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.7.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -146,7 +146,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.6.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.7.0' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -201,6 +201,43 @@ function toTextResult(payload) {
   };
 }
 
+// Format corrective actions as a top-level <system-reminder> block so the
+// calling agent treats them as first-class guidance, not buried JSON.
+// Shape of `actions` varies: lesson-db.inferCorrectiveActions returns
+// {whatToChange, tags, timestamp}; lesson-search.buildSystemActions returns
+// {type, source, text}. Normalize to a single bulleted list.
+function formatCorrectiveActionsReminder(actions) {
+  if (!Array.isArray(actions) || actions.length === 0) return '';
+  const lines = ['<system-reminder>', 'ThumbGate surfaced prior lessons matching this failure.', 'REVIEW BEFORE YOUR NEXT ACTION:'];
+  actions.slice(0, 5).forEach((action, idx) => {
+    const text = (action && (action.whatToChange || action.text || action.message)) || '';
+    if (!text) return;
+    const tags = Array.isArray(action.tags) && action.tags.length > 0 ? ` [${action.tags.join(', ')}]` : '';
+    lines.push(`${idx + 1}. ${String(text).trim()}${tags}`);
+  });
+  lines.push('</system-reminder>', '');
+  return lines.join('\n');
+}
+
+// Wrap capture_feedback payloads so correctiveActions surface as a
+// top-level <system-reminder> text block appended alongside the JSON body.
+//
+// Ordering: JSON body is content[0] (preserves backward compatibility with
+// callers that parse content[0].text as JSON); the reminder is content[1]
+// so it still appears as a top-level block the agent must process — not
+// buried inside the JSON structure.
+function toCaptureFeedbackTextResult(result) {
+  const body = JSON.stringify(result, null, 2);
+  const blocks = [{ type: 'text', text: body }];
+  const reminder = result && Array.isArray(result.correctiveActions)
+    ? formatCorrectiveActionsReminder(result.correctiveActions)
+    : '';
+  if (reminder) {
+    blocks.push({ type: 'text', text: reminder });
+  }
+  return { content: blocks };
+}
+
 function formatContextPack(pack) {
   const lines = [
     '## Context Pack',
@@ -447,7 +484,7 @@ async function callToolInner(name, args) {
   switch (name) {
     case 'capture_feedback':
 
-      return toTextResult(captureFeedback(args));
+      return toCaptureFeedbackTextResult(captureFeedback(args));
     case 'feedback_summary':
       return toTextResult(feedbackSummary(Number(args.recent || 20)));
     case 'search_lessons':
@@ -1008,4 +1045,6 @@ module.exports = {
   callTool,
   startStdioServer,
   acquireLock,
+  toCaptureFeedbackTextResult,
+  formatCorrectiveActionsReminder,
 };

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.6.0",
+        "thumbgate@1.7.0",
         "thumbgate",
         "serve"
       ],

package/bin/cli.js

@@ -1591,19 +1591,53 @@ function sessionStart() {
   const { refreshStatuslineCache } = require(path.join(PKG_ROOT, 'scripts', 'hook-thumbgate-cache-updater'));
   refreshStatuslineCache(analyzeFeedback());
 
-  // Surface gate-program.md active rules so the agent starts aware of what is blocked.
+  // Build a top-level <system-reminder> block that Claude Code's SessionStart
+  // hook surfaces to the agent as first-class context — not buried stderr.
+  // Contract: emit JSON `{hookSpecificOutput:{hookEventName:"SessionStart",
+  // additionalContext:"..."}}` to stdout. Supported by Claude Code v0.4+.
+  const reminderLines = [];
+
+  // Active hard-block rules from gate-program.md
   try {
     const { readGateProgram, extractBlockPatterns } = require(path.join(PKG_ROOT, 'scripts', 'meta-agent-loop'));
     const gateProgram = readGateProgram();
     if (gateProgram) {
       const blockPatterns = extractBlockPatterns(gateProgram);
       if (blockPatterns.length > 0) {
-        process.stderr.write('\n[ThumbGate] Active hard-block rules from gate-program.md:\n');
-        blockPatterns.forEach((p, i) => process.stderr.write(`  ${i + 1}. ${p}\n`));
-        process.stderr.write('\n');
+        reminderLines.push('Active ThumbGate hard-block rules:');
+        blockPatterns.forEach((p, i) => reminderLines.push(`  ${i + 1}. ${p}`));
       }
     }
-  } catch (_) { /* gate-program awareness is best-effort */ }
+  } catch (_) { /* non-critical */ }
+
+  // Top high-risk tags — force agent to see them at session start, not opt-in
+  try {
+    const { getRiskSummary } = require(path.join(PKG_ROOT, 'scripts', 'risk-scorer'));
+    const summary = getRiskSummary();
+    if (summary && Array.isArray(summary.highRiskTags) && summary.highRiskTags.length > 0) {
+      if (reminderLines.length > 0) reminderLines.push('');
+      reminderLines.push('Top high-risk tags from prior failures:');
+      summary.highRiskTags.slice(0, 5).forEach((bucket, i) => {
+        const key = bucket && (bucket.key || bucket.tag);
+        const score = bucket && (bucket.risk || bucket.score || bucket.riskScore);
+        if (key) reminderLines.push(`  ${i + 1}. ${key} (risk=${score || '?'})`);
+      });
+    }
+  } catch (_) { /* non-critical */ }
+
+  if (reminderLines.length > 0) {
+    const additionalContext = ['<system-reminder>', ...reminderLines, '</system-reminder>'].join('\n');
+    try {
+      process.stdout.write(JSON.stringify({
+        hookSpecificOutput: {
+          hookEventName: 'SessionStart',
+          additionalContext,
+        },
+      }));
+    } catch (_) { /* stdout write failure is non-critical */ }
+    // Legacy stderr fallback for older Claude Code versions
+    process.stderr.write('\n[ThumbGate] ' + reminderLines.join('\n[ThumbGate] ') + '\n');
+  }
 }
 
 function installMcp() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "description": "Self-improving agent governance: type thumbs-up or thumbs-down on any AI agent action. ThumbGate turns every mistake into a prevention rule and blocks the pattern from repeating. One thumbs-down, never again. 33 pre-action gates, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -251,7 +251,7 @@
     "trace:eval": "node scripts/decision-trace.js eval",
     "social:reply-monitor": "node scripts/social-reply-monitor.js",
     "social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
-    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets",
+    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth",
     "test:session-health": "node --test tests/session-health-sensor.test.js",
     "test:session-episodes": "node --test tests/session-episode-store.test.js",
     "test:spec-gate": "node --test tests/spec-gate.test.js",
@@ -498,7 +498,8 @@
     "test:pretooluse-injection": "node --test tests/pretooluse-lesson-injection.test.js",
     "test:recent-corrective-context": "node --test tests/recent-corrective-actions-context.test.js",
     "test:mailer": "node --test tests/mailer.test.js tests/billing-webhook-email.test.js",
-    "test:brand-assets": "node --test tests/brand-assets.test.js"
+    "test:brand-assets": "node --test tests/brand-assets.test.js",
+    "test:enforcement-teeth": "node --test tests/enforcement-teeth.test.js"
   },
   "keywords": [
     "mcp",

package/public/index.html

@@ -974,7 +974,7 @@ __GA_BOOTSTRAP__
 <!-- HOW IT WORKS -->
 <section class="how-it-works" id="how-it-works">
   <div class="container">
-    <div class="section-label">New in v1.6.0</div>
+    <div class="section-label">New in v1.7.0</div>
     <h2 class="section-title">Three steps to stop repeated AI failures</h2>
     <div class="steps">
       <div class="step">
@@ -1330,7 +1330,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.6.0</span>
+    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.7.0</span>
   </div>
 </footer>
 

package/scripts/feedback-loop.js

@@ -1265,6 +1265,8 @@ function captureFeedback(params) {
     feedbackSession = openSession(feedbackEvent.id, signal, inferredContext);
   } catch (_err) { /* non-critical */ }
 
+  const correctiveActionsReminder = buildCorrectiveActionsReminder(correctiveActions);
+
   // Build result immediately — all remaining side-effects are deferred
   const result = {
     accepted: true,
@@ -1274,6 +1276,10 @@ function captureFeedback(params) {
     memoryRecord,
     _captureMs,
     ...(correctiveActions.length > 0 && { correctiveActions }),
+    ...(correctiveActionsReminder && {
+      systemReminder: correctiveActionsReminder,
+      thumbgateSystemReminder: correctiveActionsReminder,
+    }),
     ...(reflection && { reflection }),
     ...(feedbackSession && { feedbackSession }),
     ...(synthesisResult && { synthesis: synthesisResult }),
@@ -1911,9 +1917,25 @@ function compactMemories() {
   };
 }
 
+function buildCorrectiveActionsReminder(correctiveActions = []) {
+  if (!Array.isArray(correctiveActions) || correctiveActions.length === 0) return null;
+  const lines = correctiveActions
+    .slice(0, 3)
+    .map((action) => {
+      const type = String(action.type || action.source || 'corrective_action').replace(/_/g, ' ');
+      const text = String(action.text || action.action || action.description || '').trim();
+      if (!text) return null;
+      return `  - ${type}: ${text.slice(0, 240)}`;
+    })
+    .filter(Boolean);
+  if (lines.length === 0) return null;
+  return `[ThumbGate] Corrective actions from prior lessons - apply before the next tool call:\n${lines.join('\n')}`;
+}
+
 module.exports = {
   captureFeedback,
   compactMemories,
+  buildCorrectiveActionsReminder,
   analyzeFeedback,
   buildPreventionRules,
   writePreventionRules,

package/scripts/gates-engine.js

@@ -83,6 +83,11 @@ const DEFAULT_PROTECTED_FILE_GLOBS = [
 ];
 const EDIT_LIKE_TOOLS = new Set(['Edit', 'Write', 'MultiEdit']);
 const HIGH_RISK_BASH_PATTERN = /\b(?:git\s+(?:add|commit|push)|gh\s+pr\s+(?:create|merge)|npm\s+publish|yarn\s+publish|pnpm\s+publish|rm\s+-rf)\b/i;
+const BOOSTED_RISK_BLOCK_SCORE = 0.8;
+const BOOSTED_RISK_MIN_EXAMPLES = 3;
+const PR_THREAD_RESOLUTION_ACTION = 'pr_thread_resolution_verified_after_commit';
+const PR_THREAD_RESOLUTION_CLAIM_PATTERN = '(?:thread|review|comment).*?(?:resolved|verified|checked|addressed|fixed)|(?:resolved|verified|checked|addressed|fixed).*?(?:thread|review|comment)';
+const PR_THREAD_RESOLUTION_REQUIRED_ACTIONS = ['pr_threads_checked', 'thread_resolution_verified'];
 
 // ---------------------------------------------------------------------------
 // Config loading
@@ -609,6 +614,218 @@ function isHighRiskAction(toolName, toolInput = {}, affectedFiles = []) {
   return false;
 }
 
+function normalizeRiskToken(value) {
+  return String(value || '')
+    .toLowerCase()
+    .replace(/[^a-z0-9]+/g, ' ')
+    .trim();
+}
+
+function singularizeRiskToken(token) {
+  const value = String(token || '').trim();
+  if (value.length > 3 && value.endsWith('ies')) return `${value.slice(0, -3)}y`;
+  if (value.length > 3 && value.endsWith('s')) return value.slice(0, -1);
+  return value;
+}
+
+function riskTokenVariants(token) {
+  const normalized = singularizeRiskToken(token);
+  const variants = new Set([token, normalized]);
+  const synonyms = {
+    comment: ['comment', 'comments', 'review', 'reviews', 'reply', 'replies', 'thread', 'threads'],
+    thread: ['thread', 'threads', 'review', 'reviews', 'comment', 'comments'],
+    bot: ['bot', 'bots', 'automation', 'automated', 'assistant', 'claude', 'codex'],
+    pr: ['pr', 'pull', 'pullrequest', 'pullrequests'],
+    file: ['file', 'files', 'path', 'paths'],
+    test: ['test', 'tests', 'ci', 'coverage', 'verify', 'verification'],
+  };
+  for (const candidate of [token, normalized]) {
+    for (const item of synonyms[candidate] || []) {
+      variants.add(item);
+      variants.add(singularizeRiskToken(item));
+    }
+  }
+  return [...variants].filter(Boolean);
+}
+
+function normalizeRiskTagEntry(entry) {
+  if (!entry) return null;
+  if (typeof entry === 'string') {
+    return { tag: entry };
+  }
+  if (typeof entry !== 'object') return null;
+  const tag = entry.tag || entry.key || entry.name || entry.domain || entry.label || entry.id;
+  if (!tag) return null;
+  return {
+    tag: String(tag),
+    count: Number(entry.count ?? entry.examples ?? entry.exampleCount ?? entry.total ?? entry.samples),
+    failures: Number(entry.failures ?? entry.failureCount),
+    riskRate: Number(entry.riskRate ?? entry.rate ?? entry.failureRate ?? entry.score ?? entry.riskScore),
+  };
+}
+
+function collectBoostedRiskTags(toolInput = {}) {
+  const boostedRisk = toolInput.boostedRisk && typeof toolInput.boostedRisk === 'object'
+    ? toolInput.boostedRisk
+    : {};
+  const sources = [
+    toolInput.highRiskTags,
+    toolInput.riskTags,
+    boostedRisk.highRiskTags,
+    boostedRisk.tags,
+    boostedRisk.highRiskDomains,
+  ];
+  const tags = [];
+  for (const source of sources) {
+    if (Array.isArray(source)) {
+      tags.push(...source.map(normalizeRiskTagEntry).filter(Boolean));
+    }
+  }
+  return tags;
+}
+
+function isBoostedRiskHigh(toolInput = {}) {
+  const boostedRisk = toolInput.boostedRisk && typeof toolInput.boostedRisk === 'object'
+    ? toolInput.boostedRisk
+    : {};
+  const level = String(boostedRisk.riskLevel || boostedRisk.level || boostedRisk.mode || '').toLowerCase();
+  if (/\b(?:high|critical|block|deny)\b/.test(level)) return true;
+
+  const riskScore = Number(boostedRisk.riskScore ?? boostedRisk.score ?? boostedRisk.riskRate ?? boostedRisk.failureRate ?? boostedRisk.baseRate);
+  if (Number.isFinite(riskScore) && riskScore >= BOOSTED_RISK_BLOCK_SCORE) return true;
+
+  const exampleCount = Number(boostedRisk.exampleCount ?? boostedRisk.count ?? boostedRisk.samples ?? boostedRisk.total);
+  const failureCount = Number(boostedRisk.failureCount ?? boostedRisk.failures);
+  if (
+    Number.isFinite(exampleCount) &&
+    exampleCount >= BOOSTED_RISK_MIN_EXAMPLES &&
+    Number.isFinite(failureCount) &&
+    failureCount / Math.max(exampleCount, 1) >= BOOSTED_RISK_BLOCK_SCORE
+  ) {
+    return true;
+  }
+
+  return collectBoostedRiskTags(toolInput).some((entry) => {
+    if (Number.isFinite(entry.riskRate) && entry.riskRate >= BOOSTED_RISK_BLOCK_SCORE) return true;
+    if (Number.isFinite(entry.count) && entry.count >= BOOSTED_RISK_MIN_EXAMPLES && !Number.isFinite(entry.riskRate)) return true;
+    if (
+      Number.isFinite(entry.count) &&
+      entry.count >= BOOSTED_RISK_MIN_EXAMPLES &&
+      Number.isFinite(entry.failures) &&
+      entry.failures / Math.max(entry.count, 1) >= BOOSTED_RISK_BLOCK_SCORE
+    ) {
+      return true;
+    }
+    return false;
+  });
+}
+
+function riskTagMatchesAction(tag, actionContext) {
+  const normalizedTag = normalizeRiskToken(tag);
+  const normalizedAction = normalizeRiskToken(actionContext);
+  if (!normalizedTag || !normalizedAction) return false;
+  const actionTokens = new Set(normalizedAction.split(/\s+/).filter(Boolean));
+  const tagTokens = normalizedTag.split(/\s+/).filter(Boolean);
+  return tagTokens.some((token) => riskTokenVariants(token).some((variant) => actionTokens.has(variant)));
+}
+
+function evaluateBoostedRiskTagGuard(toolName, toolInput = {}) {
+  const tags = collectBoostedRiskTags(toolInput);
+  if (tags.length === 0 || !isBoostedRiskHigh(toolInput)) return null;
+
+  const actionContext = extractActionContext(toolName, toolInput);
+  const matchedTag = tags.find((entry) => riskTagMatchesAction(entry.tag, actionContext));
+  if (!matchedTag) return null;
+
+  const matchText = toolInput.command || toolInput.file_path || toolInput.path || actionContext;
+  const message = `Boosted-risk history matched this action (${matchedTag.tag}). This pattern is denied by default until explicit evidence lowers the risk.`;
+  return {
+    decision: 'deny',
+    gate: 'boosted-risk-tag-default-deny',
+    message,
+    severity: 'critical',
+    reasoning: [
+      `High-risk tag "${matchedTag.tag}" matched "${String(matchText).slice(0, 120)}"`,
+      `Risk threshold: score >= ${BOOSTED_RISK_BLOCK_SCORE} or at least ${BOOSTED_RISK_MIN_EXAMPLES} examples`,
+      'Hook enforcement blocks this pre-tool call instead of relying on advisory recall',
+    ],
+  };
+}
+
+function isGitCommitCommand(toolName, toolInput = {}) {
+  return toolName === 'Bash' && /\bgit\s+commit\b/i.test(String(toolInput.command || ''));
+}
+
+function isProtectedBranchName(branchName) {
+  return /^(?:main|master|develop|dev|trunk|release)$/i.test(String(branchName || '').trim());
+}
+
+function detectBranchName(toolInput = {}, repoRoot = null) {
+  const inline = toolInput.branchName || toolInput.currentBranch || toolInput.branch || toolInput.headRefName;
+  if (inline) return String(inline).trim();
+  if (!repoRoot) return '';
+  return safeExecFileLines('git', ['rev-parse', '--abbrev-ref', 'HEAD'], repoRoot)[0] || '';
+}
+
+function hasPrBranchContext(toolInput = {}, repoRoot = null) {
+  if (toolInput.prNumber || toolInput.prUrl || toolInput.pullRequestNumber || toolInput.pullRequestUrl) {
+    return true;
+  }
+  const branchName = detectBranchName(toolInput, repoRoot);
+  return Boolean(branchName && !isProtectedBranchName(branchName));
+}
+
+function registerPrThreadResolutionClaimGate(toolName, toolInput = {}) {
+  if (!isGitCommitCommand(toolName, toolInput)) return null;
+  const repoRoot = resolveRepoRoot(toolInput);
+  if (!hasPrBranchContext(toolInput, repoRoot)) return null;
+
+  const branchName = detectBranchName(toolInput, repoRoot);
+  const claimGate = registerClaimGate(
+    PR_THREAD_RESOLUTION_CLAIM_PATTERN,
+    PR_THREAD_RESOLUTION_REQUIRED_ACTIONS,
+    'A PR-branch commit requires verified review-thread resolution before more tool calls or readiness claims.',
+  );
+  trackAction(PR_THREAD_RESOLUTION_ACTION, {
+    branchName: branchName || null,
+    repoRoot: repoRoot || null,
+    commandHash: crypto.createHash('sha256').update(String(toolInput.command || '')).digest('hex'),
+  });
+  return claimGate;
+}
+
+function isThreadResolutionSatisfied() {
+  return PR_THREAD_RESOLUTION_REQUIRED_ACTIONS.some((actionId) => (
+    hasAction(actionId) || isConditionSatisfied(actionId)
+  ));
+}
+
+function isThreadResolutionEvidenceAction(toolName, toolInput = {}) {
+  if (isGitCommitCommand(toolName, toolInput)) return true;
+  if (['recall', 'search_lessons', 'verify_claim', 'satisfy_gate', 'track_action'].includes(toolName)) return true;
+  if (toolName !== 'Bash') return false;
+  const command = String(toolInput.command || '');
+  return /\b(?:gate-satisfy|satisfy_gate|track_action|gh\s+pr\s+(?:view|checks|status)|gh\s+api\b.*(?:reviewThreads|reviews|comments|threads)|git\s+(?:status|diff|show))\b/i.test(command);
+}
+
+function evaluatePendingPrThreadResolutionGate(toolName, toolInput = {}) {
+  if (!hasAction(PR_THREAD_RESOLUTION_ACTION)) return null;
+  if (isThreadResolutionSatisfied()) return null;
+  if (isThreadResolutionEvidenceAction(toolName, toolInput)) return null;
+
+  const message = 'A git commit was made on a PR branch. Verify review threads are resolved before the next tool call.';
+  return {
+    decision: 'deny',
+    gate: 'pr-thread-resolution-verified-required',
+    message,
+    severity: 'critical',
+    reasoning: [
+      `Tracked action ${PR_THREAD_RESOLUTION_ACTION} is pending`,
+      'Satisfy pr_threads_checked or thread_resolution_verified with evidence before continuing',
+    ],
+  };
+}
+
 function isScopeEnforcedAction(toolName, toolInput = {}, affectedFiles = []) {
   if (EDIT_LIKE_TOOLS.has(toolName) && affectedFiles.length > 0) return true;
   if (toolName !== 'Bash') return false;
@@ -1116,6 +1333,38 @@ async function evaluateGatesAsync(toolName, toolInput, configPath) {
   }
 
   const constraints = loadConstraints();
+  registerPrThreadResolutionClaimGate(toolName, toolInput);
+  const pendingThreadResolutionGate = evaluatePendingPrThreadResolutionGate(toolName, toolInput);
+  if (pendingThreadResolutionGate) {
+    recordStat(pendingThreadResolutionGate.gate, 'block');
+    const auditRecord = recordAuditEvent({
+      toolName,
+      toolInput,
+      decision: 'deny',
+      gateId: pendingThreadResolutionGate.gate,
+      message: pendingThreadResolutionGate.message,
+      severity: pendingThreadResolutionGate.severity,
+      source: 'gates-engine',
+    });
+    auditToFeedback(auditRecord);
+    return pendingThreadResolutionGate;
+  }
+
+  const boostedRiskGuard = evaluateBoostedRiskTagGuard(toolName, toolInput);
+  if (boostedRiskGuard) {
+    recordStat(boostedRiskGuard.gate, 'block');
+    const auditRecord = recordAuditEvent({
+      toolName,
+      toolInput,
+      decision: 'deny',
+      gateId: boostedRiskGuard.gate,
+      message: boostedRiskGuard.message,
+      severity: boostedRiskGuard.severity,
+      source: 'gates-engine',
+    });
+    auditToFeedback(auditRecord);
+    return boostedRiskGuard;
+  }
 
   // Fast-path: feedback/recall tools skip metric gates entirely (avoids Stripe API calls)
   const METRIC_SKIP_TOOLS = ['capture_feedback', 'feedback_stats', 'recall', 'feedback_summary', 'prevention_rules'];
@@ -1254,6 +1503,38 @@ function evaluateGates(toolName, toolInput, configPath) {
   }
 
   const constraints = loadConstraints();
+  registerPrThreadResolutionClaimGate(toolName, toolInput);
+  const pendingThreadResolutionGate = evaluatePendingPrThreadResolutionGate(toolName, toolInput);
+  if (pendingThreadResolutionGate) {
+    recordStat(pendingThreadResolutionGate.gate, 'block');
+    const auditRecord = recordAuditEvent({
+      toolName,
+      toolInput,
+      decision: 'deny',
+      gateId: pendingThreadResolutionGate.gate,
+      message: pendingThreadResolutionGate.message,
+      severity: pendingThreadResolutionGate.severity,
+      source: 'gates-engine',
+    });
+    auditToFeedback(auditRecord);
+    return pendingThreadResolutionGate;
+  }
+
+  const boostedRiskGuard = evaluateBoostedRiskTagGuard(toolName, toolInput);
+  if (boostedRiskGuard) {
+    recordStat(boostedRiskGuard.gate, 'block');
+    const auditRecord = recordAuditEvent({
+      toolName,
+      toolInput,
+      decision: 'deny',
+      gateId: boostedRiskGuard.gate,
+      message: boostedRiskGuard.message,
+      severity: boostedRiskGuard.severity,
+      source: 'gates-engine',
+    });
+    auditToFeedback(auditRecord);
+    return boostedRiskGuard;
+  }
 
   for (const gate of config.gates) {
     const matchDetails = matchGate(gate, toolName, toolInput);
@@ -1456,14 +1737,20 @@ function evaluateSecretGuard(input = {}) {
 // PreToolUse hook interface (stdin/stdout JSON)
 // ---------------------------------------------------------------------------
 
+function buildReminderOutput(context) {
+  return {
+    additionalContext: context,
+    systemReminder: context,
+    thumbgateSystemReminder: context,
+  };
+}
+
 function formatOutput(result, behavioralContext) {
   if (!result) {
     // No gate matched — inject behavioral context if available
     if (behavioralContext) {
       return JSON.stringify({
-        hookSpecificOutput: {
-          additionalContext: behavioralContext,
-        },
+        hookSpecificOutput: buildReminderOutput(behavioralContext),
       });
     }
     return JSON.stringify({});
@@ -1474,19 +1761,27 @@ function formatOutput(result, behavioralContext) {
     : '';
 
   if (result.decision === 'deny') {
+    const reminder = behavioralContext ? buildReminderOutput(behavioralContext) : {};
+    const reminderSuffix = behavioralContext ? `\n\nSystem reminder:\n${behavioralContext}` : '';
     return JSON.stringify({
       hookSpecificOutput: {
+        ...reminder,
         permissionDecision: 'deny',
-        permissionDecisionReason: `[GATE:${result.gate}] ${result.message}${reasoningSuffix}`,
+        permissionDecisionReason: `[GATE:${result.gate}] ${result.message}${reasoningSuffix}${reminderSuffix}`,
       },
     });
   }
 
   if (result.decision === 'warn') {
     const extra = behavioralContext ? `\n${behavioralContext}` : '';
+    const context = `[GATE:${result.gate}] WARNING: ${result.message}${reasoningSuffix}${extra}`;
     return JSON.stringify({
       hookSpecificOutput: {
-        additionalContext: `[GATE:${result.gate}] WARNING: ${result.message}${reasoningSuffix}${extra}`,
+        additionalContext: context,
+        ...(behavioralContext ? {
+          systemReminder: behavioralContext,
+          thumbgateSystemReminder: behavioralContext,
+        } : {}),
       },
     });
   }
@@ -1947,7 +2242,15 @@ module.exports = {
   extractActionContext,
   extractAvoidanceAdvice,
   mergeContextStrings,
+  buildReminderOutput,
   isHighRiskAction,
+  collectBoostedRiskTags,
+  isBoostedRiskHigh,
+  riskTagMatchesAction,
+  evaluateBoostedRiskTagGuard,
+  registerPrThreadResolutionClaimGate,
+  evaluatePendingPrThreadResolutionGate,
+  PR_THREAD_RESOLUTION_ACTION,
 };
 
 // ---------------------------------------------------------------------------