thumbgate 1.7.0 → 1.8.0

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -13,7 +13,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.7.0",
+      "version": "1.8.0",
       "author": {
         "name": "Igor Ganapolsky"
       },

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "Type 👍 or 👎 on any agent action. ThumbGate captures it, distills a lesson, and blocks the pattern from repeating. One thumbs-down = the agent physically cannot make that mistake again. 33 pre-action gates, budget enforcement, self-protection, and NIST/SOC2 compliance tags.",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "author": {
     "name": "Igor Ganapolsky"
   },

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://github.com/IgorGanapolsky/thumbgate",
   "transport": "stdio",

package/adapters/README.md

@@ -3,7 +3,7 @@
 - `chatgpt/openapi.yaml`: import into GPT Actions.
 - `gemini/function-declarations.json`: Gemini function-calling definitions.
 - `mcp/server-stdio.js`: underlying local MCP stdio server implementation.
-- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.7.0 thumbgate serve`.
+- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.8.0 thumbgate serve`.
 - `codex/config.toml`: example Codex MCP profile section using the same version-pinned portable launcher.
 - `amp/skills/thumbgate-feedback/SKILL.md`: Amp skill template.
 - `opencode/opencode.json`: portable OpenCode MCP profile using the same version-pinned portable launcher.

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.7.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.8.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.7.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.8.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -125,6 +125,8 @@ const {
   formatUnifiedContext,
 } = require('../../scripts/context-manager');
 const { exportHfDataset } = require('../../scripts/export-hf-dataset');
+const { distributeContextToAgents } = require('../../scripts/swarm-coordinator');
+const { buildSessionReport } = require('../../scripts/session-report');
 
 const PRO_CHECKOUT_URL = 'https://thumbgate-production.up.railway.app/checkout/pro';
 
@@ -146,7 +148,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.7.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.8.0' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -736,6 +738,53 @@ async function callToolInner(name, args) {
     }
     case 'verify_claim':
       return toTextResult(verifyClaimEvidence(args.claim));
+    case 'require_evidence_for_claim': {
+      if (!args.claim || typeof args.claim !== 'string') {
+        throw new Error('claim is required and must be a string');
+      }
+      const verification = verifyClaimEvidence(args.claim);
+      const mode = args.mode === 'advisory' ? 'advisory' : 'blocking';
+      const hasMatchingChecks = Array.isArray(verification.checks) && verification.checks.length > 0;
+      const evidenceMissing = hasMatchingChecks && !verification.verified;
+      const blocking = mode === 'blocking' && evidenceMissing;
+      const missingActions = hasMatchingChecks
+        ? Array.from(new Set(verification.checks.flatMap((check) => check.missing || [])))
+        : [];
+      try {
+        const { recordAuditEvent } = require('../../scripts/audit-trail');
+        recordAuditEvent({
+          toolName: 'require_evidence_for_claim',
+          toolInput: { claim: args.claim, mode, sessionId: args.sessionId || null },
+          decision: blocking ? 'deny' : 'allow',
+          gateId: 'completion_claim',
+          message: blocking
+            ? `Completion claim blocked — missing evidence: ${missingActions.join(', ') || 'unknown'}`
+            : `Completion claim verified (${verification.verified ? 'evidence present' : 'no matching gate'})`,
+          source: 'completion-gate',
+        });
+      } catch { /* audit write must never break tool response */ }
+      return toTextResult({
+        claim: args.claim,
+        mode,
+        blocking,
+        verified: verification.verified,
+        matchedChecks: hasMatchingChecks,
+        missingActions,
+        checks: verification.checks,
+        sessionId: args.sessionId || null,
+      });
+    }
+    case 'distribute_context_to_agents':
+      return toTextResult(distributeContextToAgents({
+        query: args.query || '',
+        agents: args.agents,
+        maxItems: args.maxItems,
+        maxChars: args.maxChars,
+        namespaces: Array.isArray(args.namespaces) ? args.namespaces : [],
+        ttlMs: args.ttlMs,
+      }));
+    case 'session_report':
+      return toTextResult(buildSessionReport({ windowHours: args.windowHours }));
     case 'check_operational_integrity':
       return toTextResult(evaluateOperationalIntegrity({
         repoPath: args.repoPath,

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.7.0",
+        "thumbgate@1.8.0",
         "thumbgate",
         "serve"
       ],

package/config/mcp-allowlists.json

@@ -52,6 +52,9 @@
       "get_reliability_rules",
       "describe_reliability_entity",
       "report_product_issue",
+      "require_evidence_for_claim",
+      "distribute_context_to_agents",
+      "session_report",
       "perplexity_search",
       "perplexity_ask",
       "perplexity_research",
@@ -81,7 +84,9 @@
       "feedback_stats",
       "feedback_summary",
       "estimate_uncertainty",
-      "report_product_issue"
+      "report_product_issue",
+      "require_evidence_for_claim",
+      "session_report"
     ],
     "commerce": [
       "capture_feedback",
@@ -129,6 +134,8 @@
       "describe_semantic_entity",
       "get_reliability_rules",
       "describe_reliability_entity",
+      "require_evidence_for_claim",
+      "session_report",
       "perplexity_search",
       "perplexity_ask"
     ],
@@ -158,6 +165,8 @@
       "describe_semantic_entity",
       "get_reliability_rules",
       "describe_reliability_entity",
+      "require_evidence_for_claim",
+      "session_report",
       "perplexity_search",
       "perplexity_ask"
     ],

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Self-improving agent governance: type thumbs-up or thumbs-down on any AI agent action. ThumbGate turns every mistake into a prevention rule and blocks the pattern from repeating. One thumbs-down, never again. 33 pre-action gates, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -19,7 +19,6 @@
     ".claude-plugin/marketplace.json",
     ".claude-plugin/plugin.json",
     ".well-known/",
-    "CHANGELOG.md",
     "LICENSE",
     "README.md",
     "adapters/amp/skills/thumbgate-feedback/SKILL.md",
@@ -49,6 +48,7 @@
     "scripts/agentic-data-pipeline.js",
     "scripts/analytics-report.js",
     "scripts/analytics-window.js",
+    "scripts/autonomous-workflow.js",
     "scripts/async-job-runner.js",
     "scripts/audit-trail.js",
     "scripts/auto-promote-gates.js",
@@ -173,6 +173,7 @@
     "scripts/slo-alert-engine.js",
     "scripts/spec-gate.js",
     "scripts/statusline-cache-path.js",
+    "scripts/statusline-context.js",
     "scripts/statusline-lesson.js",
     "scripts/statusline-links.js",
     "scripts/statusline-local-stats.js",
@@ -251,7 +252,10 @@
     "trace:eval": "node scripts/decision-trace.js eval",
     "social:reply-monitor": "node scripts/social-reply-monitor.js",
     "social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
-    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth",
+    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:swarm-coordinator && npm run test:session-report && npm run test:require-evidence-gate",
+    "test:swarm-coordinator": "node --test tests/swarm-coordinator.test.js",
+    "test:session-report": "node --test tests/session-report.test.js",
+    "test:require-evidence-gate": "node --test tests/require-evidence-gate.test.js",
     "test:session-health": "node --test tests/session-health-sensor.test.js",
     "test:session-episodes": "node --test tests/session-episode-store.test.js",
     "test:spec-gate": "node --test tests/spec-gate.test.js",
@@ -265,7 +269,7 @@
     "test:multi-hop-recall": "node --test tests/multi-hop-recall.test.js",
     "test:synthetic-dpo": "node --test tests/synthetic-dpo.test.js",
     "test:thumbgate-skill": "node --test tests/thumbgate-skill.test.js",
-    "test:statusline": "node --test tests/claude-feedback-sync.test.js tests/statusline.test.js tests/statusline-links.test.js",
+    "test:statusline": "node --test tests/claude-feedback-sync.test.js tests/statusline.test.js tests/statusline-context.test.js tests/statusline-links.test.js",
     "test:memory-dedup": "node --test tests/memory-dedup.test.js",
     "test:lesson-db": "node --test tests/lesson-db.test.js",
     "test:lesson-rotation": "node --test tests/lesson-rotation.test.js",
@@ -483,10 +487,11 @@
     "test:demo-voiceover": "node --test tests/demo-voiceover.test.js",
     "test:gate-coherence": "node --test tests/gate-coherence.test.js",
     "test:gate-eval": "node --test tests/gate-eval.test.js",
-    "test:high-roi": "node --test tests/high-roi.test.js",
+    "test:high-roi": "node --test tests/high-roi.test.js tests/autonomous-workflow.test.js",
     "test:public-static-assets": "node --test tests/public-static-assets.test.js",
     "test:token-savings": "node --test tests/token-savings.test.js",
-    "test:workflow-gate-checkpoint": "node --test tests/workflow-gate-checkpoint.test.js",
+    "test:workflow-gate-checkpoint": "node --test tests/workflow-gate-checkpoint.test.js tests/autonomous-workflow.test.js",
+    "workflow:autonomous": "node scripts/autonomous-workflow.js",
     "test:lesson-export-import": "node --test tests/lesson-export-import.test.js",
     "test:landing-page-claims": "node --test tests/landing-page-claims.test.js",
     "test:dashboard-deeplink-e2e": "node --test tests/dashboard-deeplink-e2e.test.js",

package/public/index.html

@@ -974,7 +974,7 @@ __GA_BOOTSTRAP__
 <!-- HOW IT WORKS -->
 <section class="how-it-works" id="how-it-works">
   <div class="container">
-    <div class="section-label">New in v1.7.0</div>
+    <div class="section-label">New in v1.8.0</div>
     <h2 class="section-title">Three steps to stop repeated AI failures</h2>
     <div class="steps">
       <div class="step">
@@ -1330,7 +1330,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.7.0</span>
+    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.8.0</span>
   </div>
 </footer>
 

package/scripts/autonomous-workflow.js

@@ -0,0 +1,377 @@
+#!/usr/bin/env node
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const { ensureDir } = require('./fs-utils');
+const {
+  executeJob,
+  readJobState,
+  resumeJob,
+} = require('./async-job-runner');
+const {
+  createCheckpoint,
+  advanceCheckpoint,
+  loadCheckpoint,
+  saveCheckpoint,
+} = require('./workflow-gate-checkpoint');
+const { appendWorkflowRun } = require('./workflow-runs');
+
+function normalizeText(value) {
+  if (value === undefined || value === null) return '';
+  return String(value).trim();
+}
+
+function slugify(value, fallback = 'workflow') {
+  // Avoid any `-+` quantifier in an edge-anchored regex (Sonar javascript:S5852
+  // still flags even the anchored form). Strip edge dashes with a linear scan.
+  const collapsed = normalizeText(value).toLowerCase().replace(/[^a-z0-9]+/g, '-');
+  let start = 0;
+  let end = collapsed.length;
+  while (start < end && collapsed.charCodeAt(start) === 45) start += 1;
+  while (end > start && collapsed.charCodeAt(end - 1) === 45) end -= 1;
+  const normalized = collapsed.slice(start, end);
+  return normalized || fallback;
+}
+
+function getWorkflowPaths(workflowId, cwd = process.cwd()) {
+  const rootDir = path.join(cwd, '.thumbgate', 'autonomous-workflows', workflowId);
+  return {
+    rootDir,
+    checkpointPath: path.join(rootDir, 'checkpoint.json'),
+    reportJsonPath: path.join(rootDir, 'report.json'),
+    reportMdPath: path.join(rootDir, 'report.md'),
+    planPath: path.join(rootDir, 'plan.json'),
+  };
+}
+
+function normalizePlan(input, workflowId) {
+  if (Array.isArray(input)) {
+    return {
+      workflowId,
+      summary: input.map((step) => normalizeText(step)).filter(Boolean).join(' | ') || 'Execution plan ready',
+      steps: input
+        .map((step, index) => ({
+          id: `step_${index + 1}`,
+          description: normalizeText(step),
+        }))
+        .filter((step) => step.description),
+    };
+  }
+
+  if (input && typeof input === 'object') {
+    const steps = Array.isArray(input.steps)
+      ? input.steps
+        .map((step, index) => {
+          if (typeof step === 'string') {
+            return {
+              id: `step_${index + 1}`,
+              description: normalizeText(step),
+            };
+          }
+
+          if (step && typeof step === 'object') {
+            return {
+              id: normalizeText(step.id) || `step_${index + 1}`,
+              description: normalizeText(step.description || step.summary || step.name),
+            };
+          }
+
+          return null;
+        })
+        .filter(Boolean)
+      : [];
+
+    return {
+      workflowId,
+      summary: normalizeText(input.summary) || steps.map((step) => step.description).join(' | ') || 'Execution plan ready',
+      steps,
+    };
+  }
+
+  const summary = normalizeText(input) || 'Execution plan ready';
+  return {
+    workflowId,
+    summary,
+    steps: summary ? [{ id: 'step_1', description: summary }] : [],
+  };
+}
+
+function buildDefaultPlan(spec, workflowId) {
+  const executionSteps = Array.isArray(spec.stages)
+    ? spec.stages.map((stage, index) => normalizeText(stage && (stage.name || stage.context || stage.command)) || `Stage ${index + 1}`)
+    : [];
+
+  return normalizePlan({
+    summary: normalizeText(spec.planSummary) || `Run ${executionSteps.length || 0} execution stage(s) and verify output`,
+    steps: [
+      { id: 'intent', description: normalizeText(spec.intent) || 'Intent captured' },
+      { id: 'plan', description: 'Execution plan generated' },
+      ...executionSteps.map((description, index) => ({
+        id: `execute_${index + 1}`,
+        description,
+      })),
+      { id: 'verify', description: 'Verification loop completed' },
+      { id: 'report', description: 'Evidence-backed report recorded' },
+    ],
+    workflowId,
+  }, workflowId);
+}
+
+function resolvePlan(spec, workflowId) {
+  if (typeof spec.plan === 'function') {
+    return normalizePlan(spec.plan(spec), workflowId);
+  }
+
+  if (spec.plan) {
+    return normalizePlan(spec.plan, workflowId);
+  }
+
+  return buildDefaultPlan(spec, workflowId);
+}
+
+function buildExecutionJob(spec, workflowId, paths, plan) {
+  return {
+    id: spec.jobId || `${workflowId}-execution`,
+    tags: Array.isArray(spec.tags) ? spec.tags : [],
+    skill: spec.skill || 'autonomous-workflow',
+    partnerProfile: spec.partnerProfile || null,
+    verificationMode: spec.verificationMode === 'none' ? 'none' : 'standard',
+    autoImprove: spec.autoImprove !== false,
+    recordFeedback: spec.recordFeedback !== false,
+    stages: Array.isArray(spec.stages) ? spec.stages : [],
+    metadata: {
+      workflowId,
+      planSummary: plan.summary,
+      workflowRoot: paths.rootDir,
+    },
+  };
+}
+
+function writeWorkflowPlan(paths, plan) {
+  ensureDir(paths.rootDir);
+  fs.writeFileSync(paths.planPath, `${JSON.stringify(plan, null, 2)}\n`, 'utf8');
+  return paths.planPath;
+}
+
+function collectEvidenceArtifacts(paths, executionResult, extraArtifacts = []) {
+  return [
+    paths.checkpointPath,
+    paths.planPath,
+    paths.reportJsonPath,
+    paths.reportMdPath,
+    executionResult && executionResult.jobStatePath ? executionResult.jobStatePath : null,
+    ...extraArtifacts,
+  ].filter(Boolean);
+}
+
+function writeWorkflowReport(paths, report) {
+  ensureDir(paths.rootDir);
+  fs.writeFileSync(paths.reportJsonPath, `${JSON.stringify(report, null, 2)}\n`, 'utf8');
+
+  const markdown = [
+    `# ${report.workflowName}`,
+    '',
+    `- Workflow ID: ${report.workflowId}`,
+    `- Status: ${report.status}`,
+    `- Intent: ${report.intent}`,
+    `- Verification accepted: ${report.verification ? String(report.verification.accepted) : 'skipped'}`,
+    `- Evidence artifacts: ${report.evidenceArtifacts.length}`,
+    '',
+    '## Plan',
+    '',
+    report.plan.summary,
+    '',
+    ...report.plan.steps.map((step) => `- ${step.id}: ${step.description}`),
+    '',
+    '## Execution',
+    '',
+    ...report.execution.stageHistory.map((stage) => `- ${stage.name} @ ${stage.completedAt}`),
+    '',
+    '## Evidence Artifacts',
+    '',
+    ...report.evidenceArtifacts.map((artifact) => `- ${artifact}`),
+  ].join('\n');
+
+  fs.writeFileSync(paths.reportMdPath, `${markdown}\n`, 'utf8');
+  return {
+    json: paths.reportJsonPath,
+    markdown: paths.reportMdPath,
+  };
+}
+
+function recordAutonomousWorkflowRun(spec, report, evidenceArtifacts, feedbackDir) {
+  const proofBacked = report.status === 'completed'
+    && (!report.verification || report.verification.accepted)
+    && evidenceArtifacts.length > 0;
+
+  return appendWorkflowRun({
+    workflowId: report.workflowId,
+    workflowName: report.workflowName,
+    owner: spec.owner || 'automation',
+    runtime: 'node',
+    status: report.status,
+    customerType: spec.customerType || 'internal_dogfood',
+    teamId: spec.teamId || null,
+    reviewed: proofBacked,
+    reviewedBy: proofBacked ? (spec.reviewedBy || 'automation') : null,
+    proofBacked,
+    proofArtifacts: evidenceArtifacts,
+    source: spec.source || 'autonomous-workflow',
+    metadata: {
+      intent: report.intent,
+      planSummary: report.plan.summary,
+      verificationAttempts: report.verification ? report.verification.attempts : 0,
+      executionJobId: report.execution.jobId,
+    },
+  }, feedbackDir);
+}
+
+function runAutonomousWorkflow(spec = {}, options = {}) {
+  const cwd = options.cwd || process.cwd();
+  const workflowId = normalizeText(spec.workflowId) || slugify(spec.name || spec.intent, 'autonomous-workflow');
+  const workflowName = normalizeText(spec.name) || `Autonomous workflow ${workflowId}`;
+  const intent = normalizeText(spec.intent) || 'Intent not provided';
+  const paths = getWorkflowPaths(workflowId, cwd);
+  const plan = resolvePlan(spec, workflowId);
+
+  writeWorkflowPlan(paths, plan);
+
+  let checkpoint = createCheckpoint({
+    workflowId,
+    phase: 'intent',
+    status: 'running',
+    intent: { summary: intent },
+    plan,
+    evidence: [paths.planPath],
+    metadata: {
+      workflowName,
+    },
+  });
+  saveCheckpoint(checkpoint, paths.checkpointPath);
+
+  checkpoint = advanceCheckpoint(checkpoint, {
+    phase: 'plan',
+    status: 'running',
+    plan,
+    evidence: [paths.planPath],
+  });
+  saveCheckpoint(checkpoint, paths.checkpointPath);
+
+  const job = buildExecutionJob(spec, workflowId, paths, plan);
+  const executionResult = options.resume === true
+    ? resumeJob(job.id, job)
+    : executeJob(job);
+  const jobState = readJobState(job.id);
+
+  checkpoint = advanceCheckpoint(checkpoint, {
+    phase: 'verify',
+    status: executionResult.status,
+    evidence: jobState && jobState.verification ? [paths.checkpointPath] : [],
+    metadata: {
+      executionJobId: job.id,
+      executionStatus: executionResult.status,
+    },
+  });
+  saveCheckpoint(checkpoint, paths.checkpointPath);
+
+  const report = {
+    workflowId,
+    workflowName,
+    status: executionResult.status,
+    intent,
+    plan,
+    execution: {
+      jobId: job.id,
+      status: executionResult.status,
+      stageHistory: Array.isArray(jobState && jobState.stageHistory) ? jobState.stageHistory : [],
+      checkpointCount: Array.isArray(jobState && jobState.checkpoints) ? jobState.checkpoints.length : 0,
+      currentContext: jobState && jobState.currentContext ? jobState.currentContext : '',
+      jobStatePath: jobState ? path.join(getFeedbackDir(options.feedbackDir), 'jobs', job.id, 'state.json') : null,
+    },
+    verification: executionResult.phases ? executionResult.phases.verification : null,
+    phases: executionResult.phases || null,
+    timestamp: new Date().toISOString(),
+    evidenceArtifacts: [],
+  };
+
+  const evidenceArtifacts = collectEvidenceArtifacts(paths, report.execution, spec.proofArtifacts);
+  report.evidenceArtifacts = evidenceArtifacts;
+
+  checkpoint = advanceCheckpoint(checkpoint, {
+    phase: 'report',
+    status: executionResult.status,
+    report: {
+      status: report.status,
+      generatedAt: report.timestamp,
+    },
+    evidence: evidenceArtifacts,
+  });
+  saveCheckpoint(checkpoint, paths.checkpointPath);
+
+  writeWorkflowReport(paths, report);
+  report.workflowRun = recordAutonomousWorkflowRun(spec, report, evidenceArtifacts, options.feedbackDir);
+  fs.writeFileSync(paths.reportJsonPath, `${JSON.stringify(report, null, 2)}\n`, 'utf8');
+
+  return report;
+}
+
+function getFeedbackDir(feedbackDir) {
+  if (feedbackDir) return feedbackDir;
+  return process.env.THUMBGATE_FEEDBACK_DIR || path.join(process.cwd(), '.thumbgate');
+}
+
+function resumeAutonomousWorkflow(spec = {}, options = {}) {
+  return runAutonomousWorkflow(spec, { ...options, resume: true });
+}
+
+function readWorkflowReport(workflowId, options = {}) {
+  const paths = getWorkflowPaths(workflowId, options.cwd || process.cwd());
+  if (!fs.existsSync(paths.reportJsonPath)) return null;
+  return JSON.parse(fs.readFileSync(paths.reportJsonPath, 'utf8'));
+}
+
+function isCliInvocation(argv = process.argv) {
+  const invokedPath = argv[1];
+  return invokedPath ? path.resolve(invokedPath) === __filename : false;
+}
+
+function parseArgs(argv = process.argv.slice(2)) {
+  const args = {};
+  for (const arg of argv) {
+    if (!arg.startsWith('--')) continue;
+    const [key, ...rest] = arg.slice(2).split('=');
+    args[key] = rest.length > 0 ? rest.join('=') : true;
+  }
+  return args;
+}
+
+if (isCliInvocation()) {
+  const args = parseArgs();
+  if (!args.file) {
+    console.error('Usage: node scripts/autonomous-workflow.js --file=workflow.json [--resume]');
+    process.exit(1);
+  }
+
+  const specPath = path.resolve(args.file);
+  const spec = JSON.parse(fs.readFileSync(specPath, 'utf8'));
+  const report = args.resume ? resumeAutonomousWorkflow(spec) : runAutonomousWorkflow(spec);
+  console.log(JSON.stringify(report, null, 2));
+  process.exit(report.status === 'completed' ? 0 : 1);
+}
+
+module.exports = {
+  buildDefaultPlan,
+  collectEvidenceArtifacts,
+  getWorkflowPaths,
+  normalizePlan,
+  parseArgs,
+  readWorkflowReport,
+  recordAutonomousWorkflowRun,
+  resumeAutonomousWorkflow,
+  runAutonomousWorkflow,
+  slugify,
+  writeWorkflowPlan,
+  writeWorkflowReport,
+};