thumbgate 1.9.0 → 1.11.0

package/.claude-plugin/marketplace.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate-marketplace",
-  "version": "1.9.0",
+  "version": "1.11.0",
   "owner": {
     "name": "Igor Ganapolsky",
     "email": "ig5973700@gmail.com"
@@ -13,7 +13,7 @@
         "source": "npm",
         "package": "thumbgate"
       },
-      "version": "1.9.0",
+      "version": "1.11.0",
       "author": {
         "name": "Igor Ganapolsky"
       },

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "thumbgate",
   "description": "Type 👍 or 👎 on any agent action. ThumbGate captures it, distills a lesson, and blocks the pattern from repeating. One thumbs-down = the agent physically cannot make that mistake again. 33 pre-action gates, budget enforcement, self-protection, and NIST/SOC2 compliance tags.",
-  "version": "1.9.0",
+  "version": "1.11.0",
   "author": {
     "name": "Igor Ganapolsky"
   },

package/.well-known/llms.txt

@@ -48,6 +48,7 @@ npx thumbgate init --agent claude-code
 
 - Agent discovery: https://thumbgate-production.up.railway.app/.well-known/mcp.json
 - Progressive tool index: https://thumbgate-production.up.railway.app/.well-known/mcp/tools.json
+- Context footprint report: https://thumbgate-production.up.railway.app/.well-known/mcp/footprint.json
 - Agent skills: https://thumbgate-production.up.railway.app/.well-known/mcp/skills.json
 - MCP applications: https://thumbgate-production.up.railway.app/.well-known/mcp/applications.json
 - Documentation: https://thumbgate-production.up.railway.app/guide

package/.well-known/mcp/server-card.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.9.0",
+  "version": "1.11.0",
   "description": "ThumbGate — 👍👎 feedback that teaches your AI agent. Thumbs down a mistake, it never happens again.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "transport": "stdio",
@@ -8,6 +8,7 @@
     "manifestUrl": "https://thumbgate-production.up.railway.app/.well-known/mcp.json",
     "toolIndexUrl": "https://thumbgate-production.up.railway.app/.well-known/mcp/tools.json",
     "toolSchemaUrlTemplate": "https://thumbgate-production.up.railway.app/.well-known/mcp/tools/{name}.json",
+    "footprintUrl": "https://thumbgate-production.up.railway.app/.well-known/mcp/footprint.json",
     "skillsUrl": "https://thumbgate-production.up.railway.app/.well-known/mcp/skills.json",
     "applicationsUrl": "https://thumbgate-production.up.railway.app/.well-known/mcp/applications.json"
   }

package/adapters/README.md

@@ -3,7 +3,7 @@
 - `chatgpt/openapi.yaml`: import into GPT Actions.
 - `gemini/function-declarations.json`: Gemini function-calling definitions.
 - `mcp/server-stdio.js`: underlying local MCP stdio server implementation.
-- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.9.0 thumbgate serve`.
+- `claude/.mcp.json`: example Claude Code MCP config using `npx --yes --package thumbgate@1.11.0 thumbgate serve`.
 - `codex/config.toml`: example Codex MCP profile section using the same version-pinned portable launcher.
 - `amp/skills/thumbgate-feedback/SKILL.md`: Amp skill template.
 - `opencode/opencode.json`: portable OpenCode MCP profile using the same version-pinned portable launcher.

package/adapters/claude/.mcp.json

@@ -2,13 +2,13 @@
   "mcpServers": {
     "thumbgate": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.9.0", "thumbgate", "serve"]
+      "args": ["--yes", "--package", "thumbgate@1.11.0", "thumbgate", "serve"]
     }
   },
   "hooks": {
     "preToolUse": {
       "command": "npx",
-      "args": ["--yes", "--package", "thumbgate@1.9.0", "thumbgate", "gate-check"]
+      "args": ["--yes", "--package", "thumbgate@1.11.0", "thumbgate", "gate-check"]
     }
   }
 }

package/adapters/mcp/server-stdio.js

@@ -122,6 +122,7 @@ const {
 } = require('../../scripts/natural-language-harness');
 const { runLoop: runAutoresearchLoop } = require('../../scripts/autoresearch-runner');
 const { TOOLS } = require('../../scripts/tool-registry');
+const { buildContextFootprintReport } = require('../../scripts/context-footprint');
 const { reflect: reflectOnFeedback } = require('../../scripts/reflector-agent');
 const { submitProductIssue } = require('../../scripts/product-feedback');
 const {
@@ -152,7 +153,7 @@ const {
   finalizeSession: finalizeFeedbackSession,
 } = require('../../scripts/feedback-session');
 
-const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.9.0' };
+const SERVER_INFO = { name: 'thumbgate-mcp', version: '1.11.0' };
 const COMMERCE_CATEGORIES = [
   'product_recommendation',
   'brand_compliance',
@@ -493,6 +494,7 @@ async function callTool(name, args = {}) {
 }
 
 async function callToolInner(name, args) {
+  args = args || {};
   // Semantic Aliases for high-level branding alignment
   if (name === 'capture_memory_feedback') name = 'capture_feedback';
   if (name === 'get_reliability_rules') name = 'prevention_rules';
@@ -868,6 +870,17 @@ async function callToolInner(name, args) {
       return toTextResult(runHarness(args.harness, args.inputs || {}, { jobId: args.jobId }));
     case 'plan_multimodal_retrieval':
       return toTextResult(buildMultimodalRetrievalPlan(args));
+    case 'plan_context_footprint':
+      return toTextResult(buildContextFootprintReport({
+        tools: TOOLS,
+        entries: Array.isArray(args.entries) ? args.entries : undefined,
+        anchors: Array.isArray(args.anchors) ? args.anchors : undefined,
+        schemaUrlTemplate: args.schemaUrlTemplate || '/.well-known/mcp/tools/{name}.json',
+        targetReduction: args.targetReduction,
+        windowSize: args.windowSize,
+        perEntryMaxChars: args.perEntryMaxChars,
+        totalMaxChars: args.totalMaxChars,
+      }));
     case 'run_autoresearch': {
       const iterations = Math.max(1, Math.min(5, Number(args.iterations || 1)));
       const timeoutMs = Math.max(1000, Math.min(600000, Number(args.timeoutMs || 120000)));

package/adapters/opencode/opencode.json

@@ -7,7 +7,7 @@
         "npx",
         "--yes",
         "--package",
-        "thumbgate@1.9.0",
+        "thumbgate@1.11.0",
         "thumbgate",
         "serve"
       ],

package/config/enforcement.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "./enforcement.schema.json",
+  "description": "Loss matrix and enforcement knobs for the Bayes-optimal pre-tool-use gate. See scripts/bayes-optimal-gate.js for the decision math. Tags listed here mirror the canonical tags emitted by risk-scorer.buildPatternSummary. To disable tag-specific costs and fall back to a symmetric 1:1 decision, reduce any override to 1.0.",
+  "lossMatrix": {
+    "falseAllow": {
+      "default": 1.0,
+      "deploy-prod": 100.0,
+      "destructive": 50.0,
+      "secrets": 1000.0,
+      "force-push-main": 200.0,
+      "data-loss": 500.0,
+      "credentials": 800.0,
+      "rm-rf": 300.0,
+      "git-reset-hard": 100.0
+    },
+    "falseBlock": {
+      "default": 1.0
+    }
+  },
+  "bayesOptimalEnabled": true,
+  "bayesPosteriorFloor": 0.05
+}

package/config/mcp-allowlists.json

@@ -13,6 +13,7 @@
       "retrieve_lessons",
       "search_thumbgate",
       "plan_multimodal_retrieval",
+      "plan_context_footprint",
       "reflect_on_feedback",
       "feedback_stats",
       "diagnose_failure",
@@ -73,6 +74,7 @@
       "retrieve_lessons",
       "search_thumbgate",
       "plan_multimodal_retrieval",
+      "plan_context_footprint",
       "reflect_on_feedback",
       "prevention_rules",
       "set_task_scope",
@@ -118,6 +120,7 @@
       "retrieve_lessons",
       "search_thumbgate",
       "plan_multimodal_retrieval",
+      "plan_context_footprint",
       "feedback_stats",
       "diagnose_failure",
       "list_harnesses",
@@ -151,6 +154,7 @@
       "retrieve_lessons",
       "search_thumbgate",
       "plan_multimodal_retrieval",
+      "plan_context_footprint",
       "feedback_stats",
       "diagnose_failure",
       "list_harnesses",
@@ -180,6 +184,7 @@
       "search_lessons",
       "retrieve_lessons",
       "search_thumbgate",
+      "plan_context_footprint",
       "diagnose_failure",
       "list_intents",
       "plan_intent",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.9.0",
+  "version": "1.11.0",
   "description": "Self-improving agent governance: type thumbs-up or thumbs-down on any AI agent action. ThumbGate turns every mistake into a prevention rule and blocks the pattern from repeating. One thumbs-down, never again. 33 pre-action gates, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate-production.up.railway.app",
   "repository": {
@@ -54,6 +54,7 @@
     "scripts/audit-trail.js",
     "scripts/auto-promote-gates.js",
     "scripts/auto-wire-hooks.js",
+    "scripts/bayes-optimal-gate.js",
     "scripts/belief-update.js",
     "scripts/billing-setup.js",
     "scripts/billing.js",
@@ -75,6 +76,7 @@
     "scripts/conversation-context.js",
     "scripts/creator-campaigns.js",
     "scripts/cross-encoder-reranker.js",
+    "scripts/context-footprint.js",
     "scripts/daemon-manager.js",
     "scripts/dashboard-render-spec.js",
     "scripts/dashboard.js",
@@ -254,7 +256,7 @@
     "trace:eval": "node scripts/decision-trace.js eval",
     "social:reply-monitor": "node scripts/social-reply-monitor.js",
     "social:reply-monitor:dry": "node scripts/social-reply-monitor.js --dry-run",
-    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:swarm-coordinator && npm run test:session-report && npm run test:require-evidence-gate",
+    "test": "npm run test:schema && npm run test:loop && npm run test:dpo && npm run test:kto && npm run test:api && npm run test:proof && npm run test:e2e && npm run test:rlaif && npm run test:attribution && npm run test:quality && npm run test:intelligence && npm run test:training-export && npm run test:deployment && npm run test:operational-integrity && npm run test:workflow && npm run test:billing && npm run test:cli && npm run test:watcher && npm run test:autoresearch && npm run test:ops && npm run test:session-analyzer && npm run test:tessl && npm run test:gates && npm run test:evoskill && npm run test:gates-hardening && npm run test:workers && npm run test:social-analytics && npm run test:memalign && npm run test:xmemory-lite && npm run test:filesystem-search && npm run test:zernio && npm run test:platform-limits && npm run test:post-video && npm run test:post-everywhere-instagram && npm run test:obsidian-export && npm run test:lesson-db && npm run test:lesson-rotation && npm run test:memory-dedup && npm run test:feedback-quality && npm run test:sync-version && npm run test:check-congruence && npm run test:tool-registry && npm run test:feedback-to-rules && npm run test:memory-firewall && npm run test:belief-update && npm run test:hosted-config && npm run test:operational-summary && npm run test:operator-key-auth && npm run test:cloudflare-sandbox && npm run test:mcp-config && npm run test:plan-gate && npm run test:pulse && npm run test:semantic-layer && npm run test:data-pipeline && npm run test:optimize-context && npm run test:principle-extractor && npm run test:analytics-window && npm run test:funnel-analytics && npm run test:experiment-tracker && npm run test:build-metadata && npm run test:context-engine && npm run test:hf-papers && npm run test:marketing-experiment && npm run test:seo-gsd && npm run test:verify-run && npm run test:export-dpo-pairs && npm run test:export-hf-dataset && npm run test:license && npm run test:bot-detector && npm run test:postinstall && npm run test:funnel-invariants && npm run test:cli-telemetry && npm run test:pro-parity && npm run test:model-tier-router && npm run test:computer-use-firewall && npm run test:skill-exporter && npm run test:statusline && npm run test:evolution && npm run test:org-dashboard && npm run test:multi-hop-recall && npm run test:synthetic-dpo && npm run test:thumbgate-skill && npm run test:learn-hub && npm run test:feedback-fallback && npm run test:metaclaw && npm run test:server-lock && npm run test:control-tower && npm run test:pii-scanner && npm run test:data-governance && npm run test:lesson-inference && npm run test:semantic-dedup && npm run test:fs-utils && npm run test:cli-schema && npm run test:explore && npm run test:lesson-reranker && npm run test:lesson-retrieval && npm run test:cross-encoder && npm run test:reflector-agent && npm run test:feedback-session && npm run test:feedback-history-distiller && npm run test:hallucination-detector && npm run test:history-distiller && npm run test:predictive-insights && npm run test:prove-predictive-insights && npm run test:statusbar-cli && npm run test:generate-instagram-card && npm run test:instagram-thumbgate-post && npm run test:publish-instagram-thumbgate && npm run test:lesson-synthesis && npm run test:background-governance && npm run test:memory-migration && npm run test:prompt-dlp && npm run test:ephemeral-store && npm run test:agent-security && npm run test:skill-progressive && npm run test:per-step-scoring && npm run test:weekly-auto-post && npm run test:social-post-hourly && npm run test:social-quality-gate && npm run test:a2ui-engine && npm run test:gate-satisfy && npm run test:money-watcher && npm run test:budget && npm run test:quick-start && npm run test:utm && npm run test:product-feedback && npm run test:feedback-root-consolidator && npm run test:engagement-audit && npm run test:install-growth-automation && npm run test:publish-thumbgate-launch && npm run test:reconcile-thumbgate-campaign && npm run test:reddit-publisher && npm run test:schedule-thumbgate-campaign && npm run test:social-reply-monitor && npm run test:sync-launch-assets && npm run test:ai-search-visibility && npm run test:perplexity && npm run test:security-scanner && npm run test:llm-client && npm run test:managed-lesson-agent && npm run test:self-distill && npm run test:meta-agent && npm run test:harness-selector && npm run test:thumbgate-bench && npm run test:seo-guides && npm run test:enforcement-loop && npm run test:cli-agent-experience && npm run test:bot-detection && npm run test:checkout-bot-guard && npm run test:session-health && npm run test:session-episodes && npm run test:spec-gate && npm run test:decision-trace && npm run test:dashboard-insights && npm run test:prompt-eval && npm run test:demo-voiceover && npm run test:gate-coherence && npm run test:gate-eval && npm run test:high-roi && npm run test:public-static-assets && npm run test:token-savings && npm run test:workflow-gate-checkpoint && npm run test:lesson-export-import && npm run test:landing-page-claims && npm run test:dashboard-deeplink-e2e && npm run test:public-package-parity && npm run test:token-savings-dashboard && npm run test:cursor-wiring && npm run test:pretooluse-injection && npm run test:recent-corrective-context && npm run test:durability-step && npm run test:mailer && npm run test:brand-assets && npm run test:enforcement-teeth && npm run test:bayes-optimal-gate && npm run test:swarm-coordinator && npm run test:session-report && npm run test:require-evidence-gate",
     "test:swarm-coordinator": "node --test tests/swarm-coordinator.test.js",
     "test:session-report": "node --test tests/session-report.test.js",
     "test:require-evidence-gate": "node --test tests/require-evidence-gate.test.js",
@@ -292,7 +294,7 @@
     "test:pulse": "node --test tests/pulse.test.js",
     "test:semantic-layer": "node --test tests/semantic-layer.test.js",
     "test:data-pipeline": "node --test tests/data-pipeline.test.js",
-    "test:optimize-context": "node --test tests/optimize-context.test.js",
+    "test:optimize-context": "node --test tests/optimize-context.test.js tests/context-footprint.test.js",
     "test:principle-extractor": "node --test tests/principle-extractor.test.js",
     "test:analytics-window": "node --test tests/analytics-window.test.js",
     "test:funnel-analytics": "node --test tests/funnel-analytics.test.js",
@@ -504,9 +506,10 @@
     "test:cursor-wiring": "node --test tests/cursor-wiring.test.js",
     "test:pretooluse-injection": "node --test tests/pretooluse-lesson-injection.test.js",
     "test:recent-corrective-context": "node --test tests/recent-corrective-actions-context.test.js",
-    "test:mailer": "node --test tests/mailer.test.js tests/billing-webhook-email.test.js",
+    "test:mailer": "node --test tests/mailer.test.js tests/mailer-dns.test.js tests/billing-webhook-email.test.js",
     "test:brand-assets": "node --test tests/brand-assets.test.js",
-    "test:enforcement-teeth": "node --test tests/enforcement-teeth.test.js"
+    "test:enforcement-teeth": "node --test tests/enforcement-teeth.test.js",
+    "test:bayes-optimal-gate": "node --test tests/bayes-optimal-gate.test.js"
   },
   "keywords": [
     "mcp",

package/public/index.html

@@ -974,7 +974,7 @@ __GA_BOOTSTRAP__
 <!-- HOW IT WORKS -->
 <section class="how-it-works" id="how-it-works">
   <div class="container">
-    <div class="section-label">New in v1.9.0</div>
+    <div class="section-label">New in v1.11.0</div>
     <h2 class="section-title">Three steps to stop repeated AI failures</h2>
     <div class="steps">
       <div class="step">
@@ -1330,7 +1330,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.9.0</span>
+    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.11.0</span>
   </div>
 </footer>
 

package/scripts/bayes-optimal-gate.js

@@ -0,0 +1,273 @@
+'use strict';
+
+/**
+ * scripts/bayes-optimal-gate.js
+ *
+ * Bayes-optimal decision layer for ThumbGate's pre-tool-use gate.
+ *
+ * Why this exists:
+ *   The legacy gate blocks a tool call when any matched lesson tag has a
+ *   heuristic risk score ≥ a global threshold. That is a "threshold on a
+ *   heuristic" rule, not a Bayes-optimal decision. It cannot express two
+ *   facts that matter in practice:
+ *     1. Different tags carry different empirical harm rates (a prior).
+ *     2. Mis-classification is asymmetric — letting a harmful `deploy-prod`
+ *        call through is far more expensive than briefly blocking a safe
+ *        lint fix. A single global threshold cannot reflect that.
+ *
+ * What this module provides:
+ *   - `computeBayesPosterior(...)` — P(harmful | tags) combining the trained
+ *     model's probability (if present), the base rate, and per-tag empirical
+ *     risk rates via a clipped Bayes-factor update.
+ *   - `bayesOptimalDecision(...)` — cost-weighted argmax over {block, allow}
+ *     using a configurable loss matrix. Block iff the expected loss of
+ *     allowing exceeds the expected loss of blocking.
+ *   - `computeBayesErrorRate(rows)` — the irreducible error floor of the
+ *     current feature set (tag signatures). Useful as a stopping rule when
+ *     tuning the scorer.
+ *
+ * No external deps. Pure functions; the only IO is an optional
+ * `config/enforcement.json` read inside `loadLossMatrix()`.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+// Baseline loss matrix. `default` applies when no tag-specific override
+// matches. Higher = more expensive. The asymmetry below reflects the
+// observed cost of real ThumbGate incidents: false-allow on a destructive
+// or production-facing action costs hours of recovery and credibility;
+// false-block costs the operator one explicit override flag.
+const DEFAULT_LOSS_MATRIX = {
+  falseAllow: {
+    default: 1.0,
+    'deploy-prod': 100.0,
+    'destructive': 50.0,
+    'secrets': 1000.0,
+    'force-push-main': 200.0,
+    'data-loss': 500.0,
+  },
+  falseBlock: {
+    default: 1.0,
+  },
+};
+
+const ENFORCEMENT_CONFIG_PATH = path.join(__dirname, '..', 'config', 'enforcement.json');
+
+/**
+ * Load the loss matrix from `config/enforcement.json` if present, otherwise
+ * return the baked-in default. Any parse/IO failure falls back to defaults —
+ * the Bayes gate must never deadlock the hook on a config problem.
+ */
+function loadLossMatrix(configPath = ENFORCEMENT_CONFIG_PATH) {
+  try {
+    if (!fs.existsSync(configPath)) return DEFAULT_LOSS_MATRIX;
+    const raw = JSON.parse(fs.readFileSync(configPath, 'utf8'));
+    if (!raw || typeof raw !== 'object' || !raw.lossMatrix) return DEFAULT_LOSS_MATRIX;
+    return {
+      falseAllow: { ...DEFAULT_LOSS_MATRIX.falseAllow, ...(raw.lossMatrix.falseAllow || {}) },
+      falseBlock: { ...DEFAULT_LOSS_MATRIX.falseBlock, ...(raw.lossMatrix.falseBlock || {}) },
+    };
+  } catch {
+    return DEFAULT_LOSS_MATRIX;
+  }
+}
+
+/**
+ * Look up the maximum applicable cost for a side of the loss matrix.
+ * A single high-cost tag (e.g. `deploy-prod`) dominates — one dangerous tag
+ * in a bundle of otherwise innocuous tags must still flip the decision.
+ */
+function resolveCost(matrixSide, tags) {
+  const defaultCost = Number(matrixSide?.default ?? 1);
+  let cost = Number.isFinite(defaultCost) ? defaultCost : 1;
+  for (const tag of tags || []) {
+    const key = String(tag || '').trim().toLowerCase();
+    if (!key) continue;
+    const candidate = Number(matrixSide?.[key]);
+    if (Number.isFinite(candidate) && candidate > cost) cost = candidate;
+  }
+  return cost;
+}
+
+/**
+ * Clip a number to [min, max]. Used to bound the Bayes factor so a single
+ * noisy tag (e.g. 1/1 harmful) cannot flip the decision on the basis of one
+ * observation. The clip window is conservative on purpose.
+ */
+function clip(value, min, max) {
+  if (Number.isNaN(value) || value === undefined || value === null) return min;
+  // +Infinity/-Infinity are finite conceptually at the bounds — clamp them to
+  // the nearest edge rather than silently collapsing to `min`.
+  if (value === Infinity) return max;
+  if (value === -Infinity) return min;
+  if (typeof value !== 'number') return min;
+  return Math.min(Math.max(value, min), max);
+}
+
+/**
+ * Normalize a tag into the canonical lowercase key used by the model's
+ * pattern summary. Returns an empty string for falsy or non-string tags.
+ */
+function normalizeTag(tag) {
+  return String(tag || '').trim().toLowerCase();
+}
+
+/**
+ * Build a Map(tag -> riskRate) from the model's `highRiskTags` array.
+ * `riskRate` is empirical P(harmful | tag) computed from feedback sequences
+ * by `risk-scorer.buildPatternSummary`.
+ */
+function buildRiskRateMap(highRiskTags) {
+  const map = new Map();
+  if (!Array.isArray(highRiskTags)) return map;
+  for (const bucket of highRiskTags) {
+    const key = normalizeTag(bucket?.key || bucket?.tag);
+    if (!key) continue;
+    const rate = Number(bucket?.riskRate ?? bucket?.rate);
+    if (Number.isFinite(rate) && rate >= 0 && rate <= 1) {
+      map.set(key, rate);
+    }
+  }
+  return map;
+}
+
+/**
+ * Compute P(harmful | tags) as a Bayes-factor update over a starting
+ * probability. If `modelProbability` is supplied (the trained scorer's
+ * direct output), it seeds the update — richer feature evidence than the
+ * raw base rate. Otherwise we fall back to the prior.
+ *
+ * For each observed tag with a known empirical risk rate, we multiply the
+ * current odds by `riskRate / prior` (the Bayes factor), then convert odds
+ * back to probability. The Bayes factor is clipped to [0.25, 4.0] to keep a
+ * single sparsely-observed tag from dominating.
+ */
+function computeBayesPosterior({ tags, riskByTag, baseRate, modelProbability } = {}) {
+  const prior = clip(Number(baseRate) || 0, 0.01, 0.99);
+  const seed = Number.isFinite(modelProbability) ? clip(modelProbability, 0.01, 0.99) : prior;
+
+  let odds = seed / (1 - seed);
+  const rateMap = riskByTag instanceof Map
+    ? riskByTag
+    : new Map(Object.entries(riskByTag || {}).map(([k, v]) => [normalizeTag(k), Number(v)]));
+
+  const evidence = [];
+  for (const tag of tags || []) {
+    const key = normalizeTag(tag);
+    if (!key) continue;
+    const rate = rateMap.get(key);
+    if (!Number.isFinite(rate)) continue;
+    const bayesFactor = clip(rate / prior, 0.25, 4.0);
+    odds *= bayesFactor;
+    evidence.push({ tag: key, rate, bayesFactor: round3(bayesFactor) });
+  }
+
+  const pHarmful = odds / (1 + odds);
+  return {
+    pHarmful: round3(pHarmful),
+    pSafe: round3(1 - pHarmful),
+    prior: round3(prior),
+    seed: round3(seed),
+    evidence,
+  };
+}
+
+/**
+ * Cost-weighted Bayes-optimal decision. Block iff
+ *   E[loss | allow] = P(harmful) * cost(falseAllow)
+ * exceeds
+ *   E[loss | block] = P(safe)    * cost(falseBlock).
+ *
+ * This reduces to the usual Bayes classifier when both costs are equal.
+ */
+function bayesOptimalDecision(posterior, tags, lossMatrix = DEFAULT_LOSS_MATRIX) {
+  const pHarmful = clip(Number(posterior?.pHarmful), 0, 1);
+  const pSafe = clip(Number(posterior?.pSafe ?? 1 - pHarmful), 0, 1);
+  const cFalseAllow = resolveCost(lossMatrix?.falseAllow || {}, tags);
+  const cFalseBlock = resolveCost(lossMatrix?.falseBlock || {}, tags);
+  const lossAllow = pHarmful * cFalseAllow;
+  const lossBlock = pSafe * cFalseBlock;
+  return {
+    decision: lossAllow > lossBlock ? 'block' : 'allow',
+    expectedLoss: {
+      allow: round3(lossAllow),
+      block: round3(lossBlock),
+    },
+    costs: { falseAllow: cFalseAllow, falseBlock: cFalseBlock },
+  };
+}
+
+/**
+ * Bayes error rate: the irreducible error floor of a classifier built on
+ * the current feature set, estimated empirically from `rows`.
+ *
+ * For each tag signature s we have n_s rows of which k_s were harmful. The
+ * optimal per-signature prediction errs with probability min(k/n, 1-k/n).
+ * Weighting by P(s) = n_s / N and summing gives the Bayes error rate.
+ *
+ * Returns null when `rows` is empty or not an array.
+ */
+function computeBayesErrorRate(rows) {
+  if (!Array.isArray(rows) || rows.length === 0) return null;
+
+  const buckets = new Map();
+  for (const row of rows) {
+    const sig = tagSignature(row);
+    if (!buckets.has(sig)) buckets.set(sig, { total: 0, harmful: 0 });
+    const bucket = buckets.get(sig);
+    bucket.total += 1;
+    if (isHarmful(row)) bucket.harmful += 1;
+  }
+
+  const total = rows.length;
+  let err = 0;
+  for (const { total: n, harmful: k } of buckets.values()) {
+    const p = n === 0 ? 0 : k / n;
+    err += (n / total) * Math.min(p, 1 - p);
+  }
+  return round3(err);
+}
+
+function tagSignature(row) {
+  const raw = Array.isArray(row?.targetTags)
+    ? row.targetTags
+    : Array.isArray(row?.tags)
+      ? row.tags
+      : [];
+  const normalized = raw.map(normalizeTag).filter(Boolean).sort();
+  return normalized.join('|') || '__none__';
+}
+
+/**
+ * Mirror of `risk-scorer.deriveTargetRisk` so this module has no cycle back
+ * into risk-scorer. Kept intentionally narrow — if risk-scorer's definition
+ * broadens, revisit here too.
+ */
+function isHarmful(row) {
+  if (!row || typeof row !== 'object') return false;
+  if (typeof row.targetRisk === 'number') return row.targetRisk > 0;
+  if (typeof row.accepted === 'boolean' && row.accepted === false) return true;
+  const label = String(row.label || row.signal || '').toLowerCase();
+  return label === 'negative';
+}
+
+function round3(n) {
+  if (!Number.isFinite(n)) return 0;
+  return Math.round(n * 1000) / 1000;
+}
+
+module.exports = {
+  DEFAULT_LOSS_MATRIX,
+  ENFORCEMENT_CONFIG_PATH,
+  loadLossMatrix,
+  resolveCost,
+  buildRiskRateMap,
+  computeBayesPosterior,
+  bayesOptimalDecision,
+  computeBayesErrorRate,
+  tagSignature,
+  isHarmful,
+  clip,
+  normalizeTag,
+};

package/scripts/context-footprint.js

@@ -0,0 +1,191 @@
+'use strict';
+
+const DEFAULT_CHARS_PER_TOKEN = 4;
+const DEFAULT_TARGET_REDUCTION = 0.22;
+
+function normalizeRatio(value, fallback = DEFAULT_TARGET_REDUCTION) {
+  const n = Number(value);
+  if (!Number.isFinite(n) || n < 0) return fallback;
+  if (n > 1) return n / 100;
+  return n;
+}
+
+function stablePayload(value) {
+  if (typeof value === 'string') return value;
+  return JSON.stringify(value == null ? '' : value, null, 2);
+}
+
+function estimateTokens(value, charsPerToken = DEFAULT_CHARS_PER_TOKEN) {
+  const payload = stablePayload(value);
+  const divisor = Math.max(1, Number(charsPerToken) || DEFAULT_CHARS_PER_TOKEN);
+  return Math.ceil(payload.length / divisor);
+}
+
+function measureFootprint(baseline, optimized, options = {}) {
+  const baselinePayload = stablePayload(baseline);
+  const optimizedPayload = stablePayload(optimized);
+  const baselineBytes = Buffer.byteLength(baselinePayload, 'utf8');
+  const optimizedBytes = Buffer.byteLength(optimizedPayload, 'utf8');
+  const baselineTokens = estimateTokens(baselinePayload, options.charsPerToken);
+  const optimizedTokens = estimateTokens(optimizedPayload, options.charsPerToken);
+  const bytesSaved = Math.max(0, baselineBytes - optimizedBytes);
+  const tokensSaved = Math.max(0, baselineTokens - optimizedTokens);
+  const reductionRatio = baselineBytes > 0 ? bytesSaved / baselineBytes : 0;
+
+  return {
+    baseline: {
+      bytes: baselineBytes,
+      estimatedTokens: baselineTokens,
+    },
+    optimized: {
+      bytes: optimizedBytes,
+      estimatedTokens: optimizedTokens,
+    },
+    savings: {
+      bytes: bytesSaved,
+      estimatedTokens: tokensSaved,
+      reductionRatio,
+      reductionPercent: Number((reductionRatio * 100).toFixed(1)),
+      targetMet: reductionRatio >= normalizeRatio(options.targetReduction),
+    },
+  };
+}
+
+function toolSchemaUrl(schemaUrlTemplate, toolName) {
+  const encodedName = encodeURIComponent(String(toolName || ''));
+  const template = String(schemaUrlTemplate || '/.well-known/mcp/tools/{name}.json');
+  return template.includes('{name}')
+    ? template.replace('{name}', encodedName)
+    : `${template.replace(/\/$/, '')}/${encodedName}.json`;
+}
+
+function normalizeToolForFullManifest(tool) {
+  return {
+    name: tool.name,
+    description: tool.description,
+    annotations: tool.annotations || {},
+    inputSchema: tool.inputSchema || {},
+  };
+}
+
+function normalizeToolForProgressiveManifest(tool, schemaUrlTemplate) {
+  return {
+    name: tool.name,
+    description: tool.description,
+    annotations: tool.annotations || {},
+    schemaUrl: toolSchemaUrl(schemaUrlTemplate, tool.name),
+  };
+}
+
+function buildMcpToolFootprintReport(tools = [], options = {}) {
+  const toolList = Array.isArray(tools) ? tools : [];
+  const schemaUrlTemplate = options.schemaUrlTemplate || '/.well-known/mcp/tools/{name}.json';
+  const baseline = {
+    pattern: 'preload-all-tool-schemas',
+    tools: toolList.map(normalizeToolForFullManifest),
+  };
+  const optimized = {
+    pattern: 'progressive-tool-discovery',
+    tools: toolList.map((tool) => normalizeToolForProgressiveManifest(tool, schemaUrlTemplate)),
+  };
+
+  return {
+    kind: 'mcp-tool-discovery',
+    strategy: 'lossless-progressive-disclosure',
+    toolCount: toolList.length,
+    qualityContract: {
+      behaviorPreserved: true,
+      reason: 'Each omitted inputSchema is still available through the tool schema URL.',
+      schemaUrlTemplate,
+    },
+    footprint: measureFootprint(baseline, optimized, {
+      targetReduction: options.targetReduction,
+      charsPerToken: options.charsPerToken,
+    }),
+  };
+}
+
+function buildFeedbackContextFootprintReport(entries = [], anchors = [], options = {}) {
+  const { compactContext } = require('./context-engine');
+  const safeEntries = Array.isArray(entries) ? entries : [];
+  const safeAnchors = Array.isArray(anchors) ? anchors : [];
+  const compaction = compactContext(safeEntries, safeAnchors, {
+    windowSize: options.windowSize,
+    perEntryMaxChars: options.perEntryMaxChars,
+    totalMaxChars: options.totalMaxChars,
+  });
+
+  const anchorIds = new Set(safeAnchors.map((entry) => entry && entry.id).filter(Boolean));
+  const optimizedAnchorIds = new Set(compaction.entries.map((entry) => entry && entry.id).filter(Boolean));
+  const anchorsPreserved = Array.from(anchorIds).every((id) => optimizedAnchorIds.has(id));
+
+  return {
+    kind: 'feedback-context-compaction',
+    strategy: 'bounded-context-compaction',
+    qualityContract: {
+      behaviorPreserved: false,
+      anchorsPreserved,
+      reason: 'Feedback context is intentionally bounded; anchor entries are preserved while stale or duplicate entries are removed.',
+    },
+    compaction: {
+      stage: compaction.stage,
+      removedCount: compaction.removedCount,
+      compacted: compaction.compacted,
+      baselineItems: safeEntries.length,
+      optimizedItems: compaction.entries.length,
+    },
+    footprint: measureFootprint(safeEntries, compaction.entries, {
+      targetReduction: options.targetReduction,
+      charsPerToken: options.charsPerToken,
+    }),
+  };
+}
+
+function buildContextFootprintReport(options = {}) {
+  const targetReduction = normalizeRatio(options.targetReduction);
+  const report = {
+    name: 'thumbgate-context-footprint',
+    targetReduction,
+    sourcePattern: 'Compress the bottleneck without changing the behavior agents rely on.',
+    recommendations: [
+      'Load the MCP tool index first; fetch one tool schema only when the agent selects that tool.',
+      'Use construct_context_pack with maxChars before injecting lessons into a model prompt.',
+      'Keep gate ids, proof URLs, and anchor lessons stable so compaction does not hide evidence.',
+      'Track estimated token savings beside every optimized context path.',
+    ],
+  };
+
+  if (Array.isArray(options.tools)) {
+    report.mcpToolDiscovery = buildMcpToolFootprintReport(options.tools, {
+      schemaUrlTemplate: options.schemaUrlTemplate,
+      targetReduction,
+      charsPerToken: options.charsPerToken,
+    });
+  }
+
+  if (Array.isArray(options.entries)) {
+    report.feedbackContext = buildFeedbackContextFootprintReport(
+      options.entries,
+      options.anchors,
+      {
+        windowSize: options.windowSize,
+        perEntryMaxChars: options.perEntryMaxChars,
+        totalMaxChars: options.totalMaxChars,
+        targetReduction,
+        charsPerToken: options.charsPerToken,
+      },
+    );
+  }
+
+  return report;
+}
+
+module.exports = {
+  DEFAULT_CHARS_PER_TOKEN,
+  DEFAULT_TARGET_REDUCTION,
+  estimateTokens,
+  measureFootprint,
+  buildMcpToolFootprintReport,
+  buildFeedbackContextFootprintReport,
+  buildContextFootprintReport,
+};

package/scripts/gate-stats.js

@@ -4,6 +4,8 @@
 const fs = require('fs');
 const path = require('path');
 const { getAutoGatesPath } = require('./auto-promote-gates');
+const { computeBayesErrorRate } = require('./bayes-optimal-gate');
+const { sequencePathFor } = require('./risk-scorer');
 
 const PROJECT_ROOT = path.join(__dirname, '..');
 const MANUAL_GATES_PATH = path.join(PROJECT_ROOT, 'config', 'gates', 'default.json');
@@ -55,6 +57,14 @@ function calculateStats() {
   const estimatedMinutesSaved = (totalBlocked + totalWarned) * 15;
   const estimatedHoursSaved = (estimatedMinutesSaved / 60).toFixed(1);
 
+  // Bayes error rate: irreducible error floor of the current scorer given its
+  // feature set (tag signatures). If this is near zero, the scorer is already
+  // close to optimal — threshold tuning won't help, and new features are the
+  // only lever. If this is high, the feature set can't discriminate the signal
+  // and we should add features (file path, recency, commit context) rather
+  // than tune thresholds. Null when no feedback sequences have been recorded.
+  const bayesErrorRate = tryComputeBayesErrorRate();
+
   return {
     totalGates: allGates.length,
     manualGates: manualGates.length,
@@ -66,10 +76,26 @@ function calculateStats() {
     topBlocked,
     lastPromotion,
     estimatedHoursSaved,
+    bayesErrorRate,
     gates: allGates,
   };
 }
 
+function tryComputeBayesErrorRate() {
+  try {
+    const seqPath = sequencePathFor();
+    if (!fs.existsSync(seqPath)) return null;
+    const rows = fs.readFileSync(seqPath, 'utf8')
+      .split('\n')
+      .filter(Boolean)
+      .map((line) => { try { return JSON.parse(line); } catch { return null; } })
+      .filter(Boolean);
+    return computeBayesErrorRate(rows);
+  } catch {
+    return null;
+  }
+}
+
 function formatLastPromotion(promo) {
   if (!promo) return 'none';
   const ts = promo.timestamp ? new Date(promo.timestamp) : null;
@@ -94,9 +120,18 @@ function formatStats(stats) {
   lines.push(`  Top blocked gate: ${stats.topBlocked ? `${stats.topBlocked.id} (${stats.topBlocked.occurrences || 0} blocks)` : 'none'}`);
   lines.push(`  Last promotion: ${formatLastPromotion(stats.lastPromotion)}`);
   lines.push(`  Estimated time saved: ~${stats.estimatedHoursSaved} hours`);
+  lines.push(`  Bayes error rate: ${formatBayesErrorRate(stats.bayesErrorRate)}`);
   return lines.join('\n');
 }
 
+function formatBayesErrorRate(rate) {
+  if (rate === null || rate === undefined) return 'n/a (no feedback sequences yet)';
+  const pct = (rate * 100).toFixed(1);
+  if (rate < 0.02) return `${pct}% — scorer is near-optimal; add features, don't tune thresholds`;
+  if (rate < 0.10) return `${pct}% — scorer has modest headroom`;
+  return `${pct}% — high irreducible error; the feature set can't discriminate`;
+}
+
 if (require.main === module) {
   try {
     const stats = calculateStats();
@@ -111,6 +146,8 @@ module.exports = {
   calculateStats,
   formatStats,
   formatLastPromotion,
+  formatBayesErrorRate,
   loadGatesFile,
+  tryComputeBayesErrorRate,
   MANUAL_GATES_PATH,
 };

package/scripts/mailer/resend-mailer.js

@@ -36,7 +36,12 @@ const SENDER_DNS_CACHE_MS = 10 * 60 * 1000;
 const ANGLE_EMAIL_RE = /<([^<>@\s]{1,64}@[^<>@\s]{1,255})>/;
 const BARE_EMAIL_RE = /([^\s<>@]{1,64}@[^\s<>@]{1,255})/;
 const DKIM_PUBLIC_KEY_RE = /^p=/i;
-const AMAZON_SES_MX_RE = /feedback-smtp\..*amazonaws\.com\.?$/i;
+// Resend fronts outbound mail with Amazon SES; the MX for send.<domain> points
+// at feedback-smtp.<region>.amazonses.com. Earlier revisions of this regex
+// mistakenly matched `amazonaws.com`, so the positive branch never fired in
+// production. Matching `amazonses.com` (optionally with a trailing dot) is
+// what Resend's DNS setup wizard actually publishes.
+const AMAZON_SES_MX_RE = /feedback-smtp\..*amazonses\.com\.?$/i;
 const AMAZON_SES_SPF_RE = /include:amazonses\.com/i;
 const TRAILING_EMAIL_DOMAIN_PUNCTUATION = new Set(['>', ')', ',', '.', ';']);
 const senderDnsCache = new Map();
@@ -504,6 +509,11 @@ module.exports = {
   renderTrialWelcomeBodies,
   _resolveSenderAddress: resolveSenderAddress,
   _hasResendSenderDns: hasResendSenderDns,
+  _recordsHaveResendDns: recordsHaveResendDns,
+  _getCachedSenderDnsReadiness: getCachedSenderDnsReadiness,
+  _setCachedSenderDnsReadiness: setCachedSenderDnsReadiness,
+  _senderDnsCache: senderDnsCache,
+  _SENDER_DNS_CACHE_MS: SENDER_DNS_CACHE_MS,
   _constants: {
     PRODUCT_NAME,
     DASHBOARD_URL,

package/scripts/thompson-sampling.js

@@ -324,6 +324,48 @@ function samplePosteriors(model) {
   return samples;
 }
 
+/**
+ * Production/exploit-mode counterpart to `samplePosteriors`. Instead of
+ * drawing a random sample from each Beta posterior (which deliberately
+ * explores), return the posterior *mean* α/(α+β) for each category. Picking
+ * argmax over these means is the Bayes-optimal action under 0-1 loss when
+ * we only care about expected reward and do not need exploration.
+ *
+ * When to use which:
+ *   - `samplePosteriors` in training / learning mode — we want to try
+ *     under-sampled arms.
+ *   - `argmaxPosteriors` in production / hot-path mode — we want the
+ *     best-known lesson right now. The caller can still choose to mix the
+ *     two (e.g. ε-greedy) but that's out of scope here.
+ */
+function argmaxPosteriors(model) {
+  const means = {};
+  for (const [cat, params] of Object.entries(model.categories || {})) {
+    const alpha = Math.max(Number(params.alpha) || 0, 0.01);
+    const beta = Math.max(Number(params.beta) || 0, 0.01);
+    means[cat] = alpha / (alpha + beta);
+  }
+  return means;
+}
+
+/**
+ * Pick the single category with the highest posterior mean. Ties broken by
+ * lexicographic order for determinism. Returns `null` when no categories
+ * are present.
+ */
+function pickBestCategory(model) {
+  const means = argmaxPosteriors(model);
+  const keys = Object.keys(means);
+  if (keys.length === 0) return null;
+  // Use localeCompare for deterministic, locale-aware alphabetical tie-break.
+  keys.sort((a, b) => a.localeCompare(b));
+  let best = keys[0];
+  for (const key of keys) {
+    if (means[key] > means[best]) best = key;
+  }
+  return best;
+}
+
 // ---------------------------------------------------------------------------
 // Internal: Marsaglia-Tsang Gamma Sampling (2000)
 // ---------------------------------------------------------------------------
@@ -410,6 +452,8 @@ module.exports = {
   isCalibrated,
   getCalibration,
   samplePosteriors,
+  argmaxPosteriors,
+  pickBestCategory,
   HALF_LIFE_DAYS,
   DECAY_FLOOR,
   MIN_SAMPLES_THRESHOLD,

package/scripts/tool-registry.js

@@ -153,6 +153,45 @@ const TOOLS = [
       },
     },
   }),
+  readOnlyTool({
+    name: 'plan_context_footprint',
+    description: 'Estimate MCP schema and feedback-context footprint before loading large manifests into an agent prompt. Reports progressive-discovery savings, context compaction savings, and proof-preserving recommendations.',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        entries: {
+          type: 'array',
+          description: 'Optional feedback/context entries to compact and measure.',
+          items: { type: 'object' },
+        },
+        anchors: {
+          type: 'array',
+          description: 'Optional entries that must survive compaction.',
+          items: { type: 'object' },
+        },
+        schemaUrlTemplate: {
+          type: 'string',
+          description: 'Template for progressive MCP tool schema URLs, using {name}.',
+        },
+        targetReduction: {
+          type: 'number',
+          description: 'Target footprint reduction as a ratio or percentage. Default: 0.22.',
+        },
+        windowSize: {
+          type: 'number',
+          description: 'Feedback compaction recency window.',
+        },
+        perEntryMaxChars: {
+          type: 'number',
+          description: 'Maximum characters retained per large feedback field.',
+        },
+        totalMaxChars: {
+          type: 'number',
+          description: 'Optional total character budget for compacted feedback entries.',
+        },
+      },
+    },
+  }),
   destructiveTool({
     name: 'import_document',
     description: 'Import a local policy or runbook document into ThumbGate, normalize it for search, and propose provenance-backed gate candidates.',

package/src/api/server.js

@@ -208,6 +208,9 @@ const {
 } = require('../../scripts/rate-limiter');
 const { sendProblem, PROBLEM_TYPES } = require('../../scripts/problem-detail');
 const { TOOLS: MCP_TOOLS } = require('../../scripts/tool-registry');
+const {
+  buildContextFootprintReport,
+} = require('../../scripts/context-footprint');
 const {
   findSeoPageByPath,
   renderSeoPageHtml,
@@ -567,6 +570,13 @@ function getToolDiscoveryIndex(hostedConfig) {
   }));
 }
 
+function getContextFootprintReport(hostedConfig) {
+  return buildContextFootprintReport({
+    tools: MCP_TOOLS,
+    schemaUrlTemplate: buildPublicUrl(hostedConfig, '/.well-known/mcp/tools/{name}.json'),
+  });
+}
+
 function getMcpSkillManifests(hostedConfig) {
   return [
     {
@@ -611,6 +621,21 @@ function getMcpSkillManifests(hostedConfig) {
       contextUrl: buildPublicUrl(hostedConfig, '/public/llm-context.md'),
       proofUrl: VERIFICATION_EVIDENCE_URL,
     },
+    {
+      name: 'context-footprint-optimizer',
+      title: 'Context Footprint Optimizer',
+      description: 'Measure MCP schema payloads and feedback-context packs before spending model context on them.',
+      triggers: ['context compression', 'token savings', 'progressive discovery', 'MCP schema loading', 'context budget'],
+      recommendedFlow: [
+        'Measure full schema or memory payload footprint.',
+        'Load the slim index first, then fetch only selected tool schemas.',
+        'Compact feedback context with anchors for proof-critical lessons.',
+        'Record estimated token savings next to the workflow evidence.',
+      ],
+      contextUrl: buildPublicUrl(hostedConfig, '/public/llm-context.md'),
+      footprintUrl: buildPublicUrl(hostedConfig, '/.well-known/mcp/footprint.json'),
+      proofUrl: VERIFICATION_EVIDENCE_URL,
+    },
   ];
 }
 
@@ -671,6 +696,7 @@ function getMcpDiscoveryManifest(hostedConfig) {
       serverCardUrl: buildPublicUrl(hostedConfig, '/.well-known/mcp/server-card.json'),
       toolIndexUrl: buildPublicUrl(hostedConfig, '/.well-known/mcp/tools.json'),
       toolSchemaUrlTemplate: buildPublicUrl(hostedConfig, '/.well-known/mcp/tools/{name}.json'),
+      footprintUrl: buildPublicUrl(hostedConfig, '/.well-known/mcp/footprint.json'),
       skillsUrl: buildPublicUrl(hostedConfig, '/.well-known/mcp/skills.json'),
       applicationsUrl: buildPublicUrl(hostedConfig, '/.well-known/mcp/applications.json'),
       llmsTxtUrl: buildPublicUrl(hostedConfig, '/.well-known/llms.txt'),
@@ -705,9 +731,15 @@ function getMcpDiscoveryManifest(hostedConfig) {
         description: 'Plan screenshot/PDF/proof-artifact retrieval before investing in multimodal finetuning.',
         tools: ['plan_multimodal_retrieval', 'search_thumbgate', 'construct_context_pack', 'require_evidence_for_claim'],
       },
+      {
+        name: 'context-footprint-optimizer',
+        description: 'Measure MCP schema and feedback-context footprint before loading large manifests into model context.',
+        tools: ['plan_context_footprint', 'construct_context_pack', 'context_provenance'],
+      },
     ],
     skills: getMcpSkillManifests(hostedConfig),
     applications: getMcpApplications(hostedConfig),
+    footprint: getContextFootprintReport(hostedConfig),
     proof: {
       verificationEvidenceUrl: VERIFICATION_EVIDENCE_URL,
       llmContextUrl: buildPublicUrl(hostedConfig, '/public/llm-context.md'),
@@ -4086,6 +4118,17 @@ async function addContext(){
       return;
     }
 
+    if (isGetLikeRequest && pathname === '/.well-known/mcp/footprint.json') {
+      sendJson(res, 200, {
+        name: 'thumbgate',
+        version: pkg.version,
+        ...getContextFootprintReport(hostedConfig),
+      }, {}, {
+        headOnly: isHeadRequest,
+      });
+      return;
+    }
+
     if (isGetLikeRequest && pathname.startsWith('/.well-known/mcp/tools/') && pathname.endsWith('.json')) {
       const encodedToolName = pathname.slice('/.well-known/mcp/tools/'.length, -'.json'.length);
       let toolName = encodedToolName;
@@ -4156,6 +4199,7 @@ async function addContext(){
         version: pkg.version,
         transport: discoveryManifest.transport,
         discovery: discoveryManifest.discovery,
+        footprint: discoveryManifest.footprint,
         tools: getServerCardTools(),
         skills: getMcpSkillManifests(hostedConfig),
         applications: getMcpApplications(hostedConfig),