thumbgate 1.9.0 → 1.10.1

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.9.0",
+  "version": "1.10.1",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -13,7 +13,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.9.0",
+      "version": "1.10.1",
       "author": {
         "name": "Igor Ganapolsky"
       },

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "Type 👍 or 👎 on any agent action. ThumbGate captures it, distills a lesson, and blocks the pattern from repeating. One thumbs-down = the agent physically cannot make that mistake again. 33 pre-action gates, budget enforcement, self-protection, and NIST/SOC2 compliance tags.",
-  "version": "1.9.0",
+  "version": "1.10.1",
   "author": {
     "name": "Igor Ganapolsky"
   },

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.9.0",
+  "version": "1.10.1",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "transport": "stdio",

package/adapters/README.md

@@ -3,7 +3,7 @@
 - `chatgpt/openapi.yaml`: import into GPT Actions.
 - `gemini/function-declarations.json`: Gemini function-calling definitions.
 - `mcp/server-stdio.js`: underlying local MCP stdio server implementation.
-- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.9.0 thumbgate serve`.
+- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.10.1 thumbgate serve`.
 - `codex/config.toml`: example Codex MCP profile section using the same version-pinned portable launcher.
 - `amp/skills/thumbgate-feedback/SKILL.md`: Amp skill template.
 - `opencode/opencode.json`: portable OpenCode MCP profile using the same version-pinned portable launcher.

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.9.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.10.1", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.9.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.10.1", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -152,7 +152,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.9.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.10.1' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.9.0",
+        "thumbgate@1.10.1",
         "thumbgate",
         "serve"
       ],

package/config/enforcement.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "./enforcement.schema.json",
+  "description": "Loss matrix and enforcement knobs for the Bayes-optimal pre-tool-use gate. See scripts/bayes-optimal-gate.js for the decision math. Tags listed here mirror the canonical tags emitted by risk-scorer.buildPatternSummary. To disable tag-specific costs and fall back to a symmetric 1:1 decision, reduce any override to 1.0.",
+  "lossMatrix": {
+    "falseAllow": {
+      "default": 1.0,
+      "deploy-prod": 100.0,
+      "destructive": 50.0,
+      "secrets": 1000.0,
+      "force-push-main": 200.0,
+      "data-loss": 500.0,
+      "credentials": 800.0,
+      "rm-rf": 300.0,
+      "git-reset-hard": 100.0
+    },
+    "falseBlock": {
+      "default": 1.0
+    }
+  },
+  "bayesOptimalEnabled": true,
+  "bayesPosteriorFloor": 0.05
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.9.0",
+  "version": "1.10.1",
   "description": "Self-improving agent governance: type thumbs-up or thumbs-down on any AI agent action. ThumbGate turns every mistake into a prevention rule and blocks the pattern from repeating. One thumbs-down, never again. 33 pre-action gates, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -54,6 +54,7 @@
     "scripts/audit-trail.js",
     "scripts/auto-promote-gates.js",
     "scripts/auto-wire-hooks.js",
+    "scripts/bayes-optimal-gate.js",
     "scripts/belief-update.js",
     "scripts/billing-setup.js",
     "scripts/billing.js",
@@ -254,7 +255,7 @@
     "trace:eval": "node scripts/decision-trace.js eval",
     "social:reply-monitor": "node scripts/social-reply-monitor.js",
     "social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
-    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:swarm-coordinator && npm run test:session-report && npm run test:require-evidence-gate",
+    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:require-evidence-gate",
     "test:swarm-coordinator": "node --test tests/swarm-coordinator.test.js",
     "test:session-report": "node --test tests/session-report.test.js",
     "test:require-evidence-gate": "node --test tests/require-evidence-gate.test.js",
@@ -504,9 +505,10 @@
     "test:cursor-wiring": "node --test tests/cursor-wiring.test.js",
     "test:pretooluse-injection": "node --test tests/pretooluse-lesson-injection.test.js",
     "test:recent-corrective-context": "node --test tests/recent-corrective-actions-context.test.js",
-    "test:mailer": "node --test tests/mailer.test.js tests/billing-webhook-email.test.js",
+    "test:mailer": "node --test tests/mailer.test.js tests/mailer-dns.test.js tests/billing-webhook-email.test.js",
     "test:brand-assets": "node --test tests/brand-assets.test.js",
-    "test:enforcement-teeth": "node --test tests/enforcement-teeth.test.js"
+    "test:enforcement-teeth": "node --test tests/enforcement-teeth.test.js",
+    "test:bayes-optimal-gate": "node --test tests/bayes-optimal-gate.test.js"
   },
   "keywords": [
     "mcp",

package/public/index.html

@@ -974,7 +974,7 @@ __GA_BOOTSTRAP__
 <!-- HOW IT WORKS -->
 <section class="how-it-works" id="how-it-works">
   <div class="container">
-    <div class="section-label">New in v1.9.0</div>
+    <div class="section-label">New in v1.10.1</div>
     <h2 class="section-title">Three steps to stop repeated AI failures</h2>
     <div class="steps">
       <div class="step">
@@ -1330,7 +1330,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.9.0</span>
+    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.10.1</span>
   </div>
 </footer>
 

package/scripts/bayes-optimal-gate.js

@@ -0,0 +1,273 @@
+'use strict';
+
+/**
+ * scripts/bayes-optimal-gate.js
+ *
+ * Bayes-optimal decision layer for ThumbGate's pre-tool-use gate.
+ *
+ * Why this exists:
+ *   The legacy gate blocks a tool call when any matched lesson tag has a
+ *   heuristic risk score ≥ a global threshold. That is a "threshold on a
+ *   heuristic" rule, not a Bayes-optimal decision. It cannot express two
+ *   facts that matter in practice:
+ *     1. Different tags carry different empirical harm rates (a prior).
+ *     2. Mis-classification is asymmetric — letting a harmful `deploy-prod`
+ *        call through is far more expensive than briefly blocking a safe
+ *        lint fix. A single global threshold cannot reflect that.
+ *
+ * What this module provides:
+ *   - `computeBayesPosterior(...)` — P(harmful | tags) combining the trained
+ *     model's probability (if present), the base rate, and per-tag empirical
+ *     risk rates via a clipped Bayes-factor update.
+ *   - `bayesOptimalDecision(...)` — cost-weighted argmax over {block, allow}
+ *     using a configurable loss matrix. Block iff the expected loss of
+ *     allowing exceeds the expected loss of blocking.
+ *   - `computeBayesErrorRate(rows)` — the irreducible error floor of the
+ *     current feature set (tag signatures). Useful as a stopping rule when
+ *     tuning the scorer.
+ *
+ * No external deps. Pure functions; the only IO is an optional
+ * `config/enforcement.json` read inside `loadLossMatrix()`.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+// Baseline loss matrix. `default` applies when no tag-specific override
+// matches. Higher = more expensive. The asymmetry below reflects the
+// observed cost of real ThumbGate incidents: false-allow on a destructive
+// or production-facing action costs hours of recovery and credibility;
+// false-block costs the operator one explicit override flag.
+const DEFAULT_LOSS_MATRIX = {
+  falseAllow: {
+    default: 1.0,
+    'deploy-prod': 100.0,
+    'destructive': 50.0,
+    'secrets': 1000.0,
+    'force-push-main': 200.0,
+    'data-loss': 500.0,
+  },
+  falseBlock: {
+    default: 1.0,
+  },
+};
+
+const ENFORCEMENT_CONFIG_PATH = path.join(__dirname, '..', 'config', 'enforcement.json');
+
+/**
+ * Load the loss matrix from `config/enforcement.json` if present, otherwise
+ * return the baked-in default. Any parse/IO failure falls back to defaults —
+ * the Bayes gate must never deadlock the hook on a config problem.
+ */
+function loadLossMatrix(configPath = ENFORCEMENT_CONFIG_PATH) {
+  try {
+    if (!fs.existsSync(configPath)) return DEFAULT_LOSS_MATRIX;
+    const raw = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    if (!raw || typeof raw !== 'object' || !raw.lossMatrix) return DEFAULT_LOSS_MATRIX;
+    return {
+      falseAllow: { ...DEFAULT_LOSS_MATRIX.falseAllow, ...(raw.lossMatrix.falseAllow || {}) },
+      falseBlock: { ...DEFAULT_LOSS_MATRIX.falseBlock, ...(raw.lossMatrix.falseBlock || {}) },
+    };
+  } catch {
+    return DEFAULT_LOSS_MATRIX;
+  }
+}
+
+/**
+ * Look up the maximum applicable cost for a side of the loss matrix.
+ * A single high-cost tag (e.g. `deploy-prod`) dominates — one dangerous tag
+ * in a bundle of otherwise innocuous tags must still flip the decision.
+ */
+function resolveCost(matrixSide, tags) {
+  const defaultCost = Number(matrixSide?.default ?? 1);
+  let cost = Number.isFinite(defaultCost) ? defaultCost : 1;
+  for (const tag of tags || []) {
+    const key = String(tag || '').trim().toLowerCase();
+    if (!key) continue;
+    const candidate = Number(matrixSide?.[key]);
+    if (Number.isFinite(candidate) && candidate > cost) cost = candidate;
+  }
+  return cost;
+}
+
+/**
+ * Clip a number to [min, max]. Used to bound the Bayes factor so a single
+ * noisy tag (e.g. 1/1 harmful) cannot flip the decision on the basis of one
+ * observation. The clip window is conservative on purpose.
+ */
+function clip(value, min, max) {
+  if (Number.isNaN(value) || value === undefined || value === null) return min;
+  // +Infinity/-Infinity are finite conceptually at the bounds — clamp them to
+  // the nearest edge rather than silently collapsing to `min`.
+  if (value === Infinity) return max;
+  if (value === -Infinity) return min;
+  if (typeof value !== 'number') return min;
+  return Math.min(Math.max(value, min), max);
+}
+
+/**
+ * Normalize a tag into the canonical lowercase key used by the model's
+ * pattern summary. Returns an empty string for falsy or non-string tags.
+ */
+function normalizeTag(tag) {
+  return String(tag || '').trim().toLowerCase();
+}
+
+/**
+ * Build a Map(tag -> riskRate) from the model's `highRiskTags` array.
+ * `riskRate` is empirical P(harmful | tag) computed from feedback sequences
+ * by `risk-scorer.buildPatternSummary`.
+ */
+function buildRiskRateMap(highRiskTags) {
+  const map = new Map();
+  if (!Array.isArray(highRiskTags)) return map;
+  for (const bucket of highRiskTags) {
+    const key = normalizeTag(bucket?.key || bucket?.tag);
+    if (!key) continue;
+    const rate = Number(bucket?.riskRate ?? bucket?.rate);
+    if (Number.isFinite(rate) && rate >= 0 && rate <= 1) {
+      map.set(key, rate);
+    }
+  }
+  return map;
+}
+
+/**
+ * Compute P(harmful | tags) as a Bayes-factor update over a starting
+ * probability. If `modelProbability` is supplied (the trained scorer's
+ * direct output), it seeds the update — richer feature evidence than the
+ * raw base rate. Otherwise we fall back to the prior.
+ *
+ * For each observed tag with a known empirical risk rate, we multiply the
+ * current odds by `riskRate / prior` (the Bayes factor), then convert odds
+ * back to probability. The Bayes factor is clipped to [0.25, 4.0] to keep a
+ * single sparsely-observed tag from dominating.
+ */
+function computeBayesPosterior({ tags, riskByTag, baseRate, modelProbability } = {}) {
+  const prior = clip(Number(baseRate) || 0, 0.01, 0.99);
+  const seed = Number.isFinite(modelProbability) ? clip(modelProbability, 0.01, 0.99) : prior;
+
+  let odds = seed / (1 - seed);
+  const rateMap = riskByTag instanceof Map
+    ? riskByTag
+    : new Map(Object.entries(riskByTag || {}).map(([k, v]) => [normalizeTag(k), Number(v)]));
+
+  const evidence = [];
+  for (const tag of tags || []) {
+    const key = normalizeTag(tag);
+    if (!key) continue;
+    const rate = rateMap.get(key);
+    if (!Number.isFinite(rate)) continue;
+    const bayesFactor = clip(rate / prior, 0.25, 4.0);
+    odds *= bayesFactor;
+    evidence.push({ tag: key, rate, bayesFactor: round3(bayesFactor) });
+  }
+
+  const pHarmful = odds / (1 + odds);
+  return {
+    pHarmful: round3(pHarmful),
+    pSafe: round3(1 - pHarmful),
+    prior: round3(prior),
+    seed: round3(seed),
+    evidence,
+  };
+}
+
+/**
+ * Cost-weighted Bayes-optimal decision. Block iff
+ *   E[loss | allow] = P(harmful) * cost(falseAllow)
+ * exceeds
+ *   E[loss | block] = P(safe)    * cost(falseBlock).
+ *
+ * This reduces to the usual Bayes classifier when both costs are equal.
+ */
+function bayesOptimalDecision(posterior, tags, lossMatrix = DEFAULT_LOSS_MATRIX) {
+  const pHarmful = clip(Number(posterior?.pHarmful), 0, 1);
+  const pSafe = clip(Number(posterior?.pSafe ?? 1 - pHarmful), 0, 1);
+  const cFalseAllow = resolveCost(lossMatrix?.falseAllow || {}, tags);
+  const cFalseBlock = resolveCost(lossMatrix?.falseBlock || {}, tags);
+  const lossAllow = pHarmful * cFalseAllow;
+  const lossBlock = pSafe * cFalseBlock;
+  return {
+    decision: lossAllow > lossBlock ? 'block' : 'allow',
+    expectedLoss: {
+      allow: round3(lossAllow),
+      block: round3(lossBlock),
+    },
+    costs: { falseAllow: cFalseAllow, falseBlock: cFalseBlock },
+  };
+}
+
+/**
+ * Bayes error rate: the irreducible error floor of a classifier built on
+ * the current feature set, estimated empirically from `rows`.
+ *
+ * For each tag signature s we have n_s rows of which k_s were harmful. The
+ * optimal per-signature prediction errs with probability min(k/n, 1-k/n).
+ * Weighting by P(s) = n_s / N and summing gives the Bayes error rate.
+ *
+ * Returns null when `rows` is empty or not an array.
+ */
+function computeBayesErrorRate(rows) {
+  if (!Array.isArray(rows) || rows.length === 0) return null;
+
+  const buckets = new Map();
+  for (const row of rows) {
+    const sig = tagSignature(row);
+    if (!buckets.has(sig)) buckets.set(sig, { total: 0, harmful: 0 });
+    const bucket = buckets.get(sig);
+    bucket.total += 1;
+    if (isHarmful(row)) bucket.harmful += 1;
+  }
+
+  const total = rows.length;
+  let err = 0;
+  for (const { total: n, harmful: k } of buckets.values()) {
+    const p = n === 0 ? 0 : k / n;
+    err += (n / total) * Math.min(p, 1 - p);
+  }
+  return round3(err);
+}
+
+function tagSignature(row) {
+  const raw = Array.isArray(row?.targetTags)
+    ? row.targetTags
+    : Array.isArray(row?.tags)
+      ? row.tags
+      : [];
+  const normalized = raw.map(normalizeTag).filter(Boolean).sort();
+  return normalized.join('|') || '__none__';
+}
+
+/**
+ * Mirror of `risk-scorer.deriveTargetRisk` so this module has no cycle back
+ * into risk-scorer. Kept intentionally narrow — if risk-scorer's definition
+ * broadens, revisit here too.
+ */
+function isHarmful(row) {
+  if (!row || typeof row !== 'object') return false;
+  if (typeof row.targetRisk === 'number') return row.targetRisk > 0;
+  if (typeof row.accepted === 'boolean' && row.accepted === false) return true;
+  const label = String(row.label || row.signal || '').toLowerCase();
+  return label === 'negative';
+}
+
+function round3(n) {
+  if (!Number.isFinite(n)) return 0;
+  return Math.round(n * 1000) / 1000;
+}
+
+module.exports = {
+  DEFAULT_LOSS_MATRIX,
+  ENFORCEMENT_CONFIG_PATH,
+  loadLossMatrix,
+  resolveCost,
+  buildRiskRateMap,
+  computeBayesPosterior,
+  bayesOptimalDecision,
+  computeBayesErrorRate,
+  tagSignature,
+  isHarmful,
+  clip,
+  normalizeTag,
+};

package/scripts/gate-stats.js

@@ -4,6 +4,8 @@
 const fs = require('fs');
 const path = require('path');
 const { getAutoGatesPath } = require('./auto-promote-gates');
+const { computeBayesErrorRate } = require('./bayes-optimal-gate');
+const { sequencePathFor } = require('./risk-scorer');
 
 const PROJECT_ROOT = path.join(__dirname, '..');
 const MANUAL_GATES_PATH = path.join(PROJECT_ROOT, 'config', 'gates', 'default.json');
@@ -55,6 +57,14 @@ function calculateStats() {
   const estimatedMinutesSaved = (totalBlocked + totalWarned) * 15;
   const estimatedHoursSaved = (estimatedMinutesSaved / 60).toFixed(1);
 
+  // Bayes error rate: irreducible error floor of the current scorer given its
+  // feature set (tag signatures). If this is near zero, the scorer is already
+  // close to optimal — threshold tuning won't help, and new features are the
+  // only lever. If this is high, the feature set can't discriminate the signal
+  // and we should add features (file path, recency, commit context) rather
+  // than tune thresholds. Null when no feedback sequences have been recorded.
+  const bayesErrorRate = tryComputeBayesErrorRate();
+
   return {
     totalGates: allGates.length,
     manualGates: manualGates.length,
@@ -66,10 +76,26 @@ function calculateStats() {
     topBlocked,
     lastPromotion,
     estimatedHoursSaved,
+    bayesErrorRate,
     gates: allGates,
   };
 }
 
+function tryComputeBayesErrorRate() {
+  try {
+    const seqPath = sequencePathFor();
+    if (!fs.existsSync(seqPath)) return null;
+    const rows = fs.readFileSync(seqPath, 'utf8')
+      .split('\n')
+      .filter(Boolean)
+      .map((line) => { try { return JSON.parse(line); } catch { return null; } })
+      .filter(Boolean);
+    return computeBayesErrorRate(rows);
+  } catch {
+    return null;
+  }
+}
+
 function formatLastPromotion(promo) {
   if (!promo) return 'none';
   const ts = promo.timestamp ? new Date(promo.timestamp) : null;
@@ -94,9 +120,18 @@ function formatStats(stats) {
   lines.push(`  Top blocked gate: ${stats.topBlocked ? `${stats.topBlocked.id} (${stats.topBlocked.occurrences || 0} blocks)` : 'none'}`);
   lines.push(`  Last promotion: ${formatLastPromotion(stats.lastPromotion)}`);
   lines.push(`  Estimated time saved: ~${stats.estimatedHoursSaved} hours`);
+  lines.push(`  Bayes error rate: ${formatBayesErrorRate(stats.bayesErrorRate)}`);
   return lines.join('\n');
 }
 
+function formatBayesErrorRate(rate) {
+  if (rate === null || rate === undefined) return 'n/a (no feedback sequences yet)';
+  const pct = (rate * 100).toFixed(1);
+  if (rate < 0.02) return `${pct}% — scorer is near-optimal; add features, don't tune thresholds`;
+  if (rate < 0.10) return `${pct}% — scorer has modest headroom`;
+  return `${pct}% — high irreducible error; the feature set can't discriminate`;
+}
+
 if (require.main === module) {
   try {
     const stats = calculateStats();
@@ -111,6 +146,8 @@ module.exports = {
   calculateStats,
   formatStats,
   formatLastPromotion,
+  formatBayesErrorRate,
   loadGatesFile,
+  tryComputeBayesErrorRate,
   MANUAL_GATES_PATH,
 };

package/scripts/mailer/resend-mailer.js

@@ -36,7 +36,12 @@ const SENDER_DNS_CACHE_MS = 10 * 60 * 1000;
 const ANGLE_EMAIL_RE = /<([^<>@\s]{1,64}@[^<>@\s]{1,255})>/;
 const BARE_EMAIL_RE = /([^\s<>@]{1,64}@[^\s<>@]{1,255})/;
 const DKIM_PUBLIC_KEY_RE = /^p=/i;
-const AMAZON_SES_MX_RE = /feedback-smtp\..*amazonaws\.com\.?$/i;
+// Resend fronts outbound mail with Amazon SES; the MX for send.<domain> points
+// at feedback-smtp.<region>.amazonses.com. Earlier revisions of this regex
+// mistakenly matched `amazonaws.com`, so the positive branch never fired in
+// production. Matching `amazonses.com` (optionally with a trailing dot) is
+// what Resend's DNS setup wizard actually publishes.
+const AMAZON_SES_MX_RE = /feedback-smtp\..*amazonses\.com\.?$/i;
 const AMAZON_SES_SPF_RE = /include:amazonses\.com/i;
 const TRAILING_EMAIL_DOMAIN_PUNCTUATION = new Set(['>', ')', ',', '.', ';']);
 const senderDnsCache = new Map();
@@ -504,6 +509,11 @@ module.exports = {
   renderTrialWelcomeBodies,
   _resolveSenderAddress: resolveSenderAddress,
   _hasResendSenderDns: hasResendSenderDns,
+  _recordsHaveResendDns: recordsHaveResendDns,
+  _getCachedSenderDnsReadiness: getCachedSenderDnsReadiness,
+  _setCachedSenderDnsReadiness: setCachedSenderDnsReadiness,
+  _senderDnsCache: senderDnsCache,
+  _SENDER_DNS_CACHE_MS: SENDER_DNS_CACHE_MS,
   _constants: {
     PRODUCT_NAME,
     DASHBOARD_URL,

package/scripts/thompson-sampling.js

@@ -324,6 +324,48 @@ function samplePosteriors(model) {
   return samples;
 }
 
+/**
+ * Production/exploit-mode counterpart to `samplePosteriors`. Instead of
+ * drawing a random sample from each Beta posterior (which deliberately
+ * explores), return the posterior *mean* α/(α+β) for each category. Picking
+ * argmax over these means is the Bayes-optimal action under 0-1 loss when
+ * we only care about expected reward and do not need exploration.
+ *
+ * When to use which:
+ *   - `samplePosteriors` in training / learning mode — we want to try
+ *     under-sampled arms.
+ *   - `argmaxPosteriors` in production / hot-path mode — we want the
+ *     best-known lesson right now. The caller can still choose to mix the
+ *     two (e.g. ε-greedy) but that's out of scope here.
+ */
+function argmaxPosteriors(model) {
+  const means = {};
+  for (const [cat, params] of Object.entries(model.categories || {})) {
+    const alpha = Math.max(Number(params.alpha) || 0, 0.01);
+    const beta = Math.max(Number(params.beta) || 0, 0.01);
+    means[cat] = alpha / (alpha + beta);
+  }
+  return means;
+}
+
+/**
+ * Pick the single category with the highest posterior mean. Ties broken by
+ * lexicographic order for determinism. Returns `null` when no categories
+ * are present.
+ */
+function pickBestCategory(model) {
+  const means = argmaxPosteriors(model);
+  const keys = Object.keys(means);
+  if (keys.length === 0) return null;
+  // Use localeCompare for deterministic, locale-aware alphabetical tie-break.
+  keys.sort((a, b) => a.localeCompare(b));
+  let best = keys[0];
+  for (const key of keys) {
+    if (means[key] > means[best]) best = key;
+  }
+  return best;
+}
+
 // ---------------------------------------------------------------------------
 // Internal: Marsaglia-Tsang Gamma Sampling (2000)
 // ---------------------------------------------------------------------------
@@ -410,6 +452,8 @@ module.exports = {
   isCalibrated,
   getCalibration,
   samplePosteriors,
+  argmaxPosteriors,
+  pickBestCategory,
   HALF_LIFE_DAYS,
   DECAY_FLOOR,
   MIN_SAMPLES_THRESHOLD,