Skip to content

thumbgate@1.28.0

Latest

Choose a tag to compare

@github-actions github-actions released this 11 Jul 13:16
369dd59

thumbgate@1.28.0

Release Links

npm Email Companion

npm controls the native "Successfully published" email template, so the email itself stays short. Treat this generated artifact as the full release-note companion for that email: it carries the Changeset summaries, CHANGELOG entry, publish workflow, npm tarball, and shasum when available.

Full Changeset Release Notes

No changed .changeset/*.md entries were detected for this release range.

CHANGELOG.md Entry

1.28.0

Minor Changes

  • #2568 f9474e2 Thanks @IgorGanapolsky! - Add npx thumbgate quickstart — a guided first-rule activation walkthrough that fixes the #1 funnel break: ~98.5% of init users never promote their first prevention rule, so they never reach the "ThumbGate just blocked a repeat mistake" aha moment. The command captures one real agent mistake, promotes it into a block rule (reusing the existing force-promote path), then immediately fires that rule against the action so the user watches it get blocked, and ties the value to what Pro keeps synced across machines and team. Additive and safe: init is untouched, the walkthrough runs in a TTY only, and non-interactive / piped / CI runs print a one-line hint and exit 0 without prompting or hanging.

  • #2621 b11cb29 Thanks @IgorGanapolsky! - Strengthen the anti-claim Stop hook (hook-stop-anti-claim.js). Expand the lie-phrase set to catch completion claims that previously slipped past it — "all green", "tests pass/passing", "verified", "confirmed", "is/now stable", "all clear", "good to go", "race is over" — all still suppressed when the same turn ran a proof tool call (curl/grep/test/Read). Add a strict mode: with THUMBGATE_STRICT_ENFORCEMENT=1 the hook emits a Stop-hook block decision (forcing the agent to verify or retract before ending the turn) instead of a soft next-turn reminder. Default behavior unchanged.

  • #2744 2d5dec3 Thanks @IgorGanapolsky! - Add opt-in autonomous fail-closed mode for approval gates. When THUMBGATE_AUTONOMOUS=1, an approve (human-in-the-loop) gate now fails CLOSED (deny) instead of deferring — because in an autonomous agent loop there is no human to sign off, and the actions that most need approval must not slip through unattended. Interactive and existing CI behavior is unchanged (opt-in only); applies to both the sync and async evaluation paths.

  • #2611 2f45fb6 Thanks @IgorGanapolsky! - Add five discoverable /thumbgate-* slash-commands that surface ThumbGate's core enforcement value in the agent command palette — the same distribution lever that took GSD (get-shit-done) to 64k stars by exposing 67 browsable /gsd-* commands, while ThumbGate's value sat hidden behind MCP tools nobody browses.

    The commands ship in .claude/commands/ and are installed into every agent's palette (.claude, .gemini, .antigravitycli) by thumbgate init:

    • /thumbgate-guard — turn the last agent mistake into a hard prevention rule (wraps capture_feedback + the thumbgate force-gate force-promote path).
    • /thumbgate-rules — list the active prevention rules + lessons guarding this repo (wraps prevention_rules, get_reliability_rules, search_lessons).
    • /thumbgate-blocked — show what's actually been blocked: gate stats + enforcement matrix (wraps gate_stats, enforcement_matrix).
    • /thumbgate-protect — show branch/release governance and grant a scoped, expiring approval for protected-file actions (wraps get_branch_governance, approve_protected_action).
    • /thumbgate-doctor — health-check the wiring: hooks, MCP, agent-readiness (wraps the existing thumbgate doctor).

    Each is a thin wrapper over an existing MCP tool or CLI command — no new enforcement logic, just discoverability. README now positions these as "the guardrail layer for spec-driven agents," working alongside GSD / Spec-Kit rather than competing with them. Guarded by tests/discoverable-skills.test.js, which verifies every command's frontmatter and that allowed-tools reference only real registered MCP tools and real bin/cli.js subcommands.

  • #2636 85da24f Thanks @IgorGanapolsky! - Add npx thumbgate hermes-gate — a governance adapter for Nous Research's Hermes Agent. Hermes is a self-evolving agent that rewrites its own SKILL.md files during use; it exposes a documented pre_tool_call shell hook that pipes each pending tool call to an external command and reads a block/allow decision from stdout. hermes-gate implements that contract: it reads Hermes's tool-call JSON from stdin, runs the same gate pipeline as gate-check (secret guard, security scan, force-push / destructive / skill_manage / learned prevention rules), and emits {"decision":"block","reason":...} to veto a call or {} to allow it — so ThumbGate can gate Hermes's runtime tool calls, including silent skill overwrites, before they execute.

    Because Hermes's pre_tool_call is binary (block or allow) with no warn channel, hermes-gate runs strict enforcement by default so a deny actually blocks; set THUMBGATE_HERMES_WARN_ONLY=1 for advisory-only. The hook fails open by design (Hermes proceeds if it errors/times out). Ships adapters/hermes/config.yaml with the exact ~/.hermes/config.yaml wiring (MCP tool exposure + pre_tool_call matcher covering terminal|process|patch|write_file|skill_manage|execute_code).

  • #2800 b5e97ef Thanks @IgorGanapolsky! - Detect an explicit "never …" / "always …" directive in feedback and surface the one-shot enforcement path as an offer. When a thumbs-down says "never do X", the capture confirmation now offers an immediate force-gate (block now) instead of silently waiting for the pattern to recur — because typing "never" is explicit intent to guard. It only OFFERS; it never auto-blocks (auto-promotion stays occurrence-gated, which is what keeps a single signal from locking you out). A thumbs-up "always …" is clarified as guidance-only (positive patterns are surfaced as context, not gate-enforced). New scripts/imperative-detector.js (pure/deterministic) + wired into the CLI feedback confirmation.

  • #2610 f90bcd3 Thanks @IgorGanapolsky! - Add regression-gated rule promotion (Self-Harness stage 3). Before a feedback-derived rule auto-activates as a hard block, auto-promote-gates now replays it against the audit trail's prior allow decisions; if the candidate would have blocked actions that were previously safe, it is quarantined to warn instead of block. Prevents a noisy 3× capture from hard-blocking an over-broad pattern that degrades known-good behavior.

  • #2849 f49cd34 Thanks @IgorGanapolsky! - Self-protection gates now bind regardless of enforcement posture. Previously every gate — including the ones guarding ThumbGate's own kill switch and env overrides — degraded to a warning under warn-by-default, so an agent could run pkill -f gates-engine or export THUMBGATE_HOTFIX_BYPASS=1 and only be warned, by which point the guardrail was already gone. self-protect-kill and self-protect-env-override now hard-deny by default. A deliberate owner escape, THUMBGATE_SELF_PROTECT_OVERRIDE=1, prevents self-lockout (break-glass covers .claude/settings* but not the self-protect surface). The change is targeted: non-self-protective denies (e.g. force-push) still follow warn-by-default. The file-edit self-protect gates (self-protect-config, self-protect-hooks-disable) remain shadowed by protected-file-approval-required/workflow-sentinel and are approval-gated; hardening those to hard-deny requires gate reordering and is a tracked follow-up.

  • #2614 66c4f9f Thanks @IgorGanapolsky! - Add scripts/sync-telemetry-from-prod.js so the local agentic data pipeline reflects the real web funnel. get_business_metrics (semantic-layer → agentic-data-pipeline → telemetry-analytics) reads the LOCAL telemetry-pings.jsonl, which is empty on dev machines, so it reported uniqueVisitors:0 / checkoutStarts:0 even while prod traffic flowed. The real funnel lives on the prod Railway volume and is exposed only via the operator-gated GET /v1/telemetry/export. The new sync pulls that export and merges/dedupes the telemetry rows (and, with --funnel, the funnel rows) into the same feedback dir the pipeline reads. Dedupe is a stable sha256 of the canonical row so repeat runs never double-count. Auth uses Authorization: Bearer <key> (the header the server's extractApiKey actually reads); the key is resolved from THUMBGATE_OPERATOR_KEY/THUMBGATE_API_KEY/~/.config/thumbgate/operator.json and never printed. Hermetic unit tests inject fetchImpl (no network, no secret).

Patch Changes

  • #2855 836dff8 Thanks @IgorGanapolsky! - Reject versioned release pull requests that leave any Changesets pending, preventing a green release PR from preserving an unshipped backlog. Version generation now uses Changesets' local changelog formatter so backlog consumption does not depend on GitHub GraphQL; the publish workflow still attaches repository links, the exact release ref, and npm receipt metadata after publication.

  • #2574 0295054 Thanks @IgorGanapolsky! - chore(activation): clean up scripts/activation-quickstart.js maintainability smells flagged by SonarCloud after #2568 merged — use node: import specifiers, String.raw in the regex escaper, optional chaining for the gate verdict and CLI error, and drop unused catch bindings. Also replaces an always-true assertion in the non-TTY quickstart test with a real check on the printed hint. No behavior change.

  • #2626 c6ca469 Thanks @IgorGanapolsky! - Add agent context governance positioning, Learn and homepage entry points, and a public guide for context hygiene, tool lockdown, MCP integrity, and AI-authored code provenance.

  • #2553 103b222 Thanks @IgorGanapolsky! - Add a canonical agentic web governance guide, homepage/Learn-hub links, and AI-readable context updates so ThumbGate can own the bot-majority promotion narrative while routing buyers toward pre-action checks.

  • #2779 4713f53 Thanks @IgorGanapolsky! - Ship all runtime files in the npm bundle and self-protect ThumbGate's own governance files.

    • Adds a pack-integrity test that fails if any runtime require() reachable from the shipped entrypoints is missing from the tarball — the class of bug that broke 1.27.19 (missing feedback-sanitizer.js crashed the prompt hook for every user).
    • Adds scripts/self-protection.js: edits to ThumbGate's own kill-switch files (.claude/settings.json, hook scripts, config/gates/**) now WARN by default and hard-block under THUMBGATE_STRICT_ENFORCEMENT=1, with a THUMBGATE_ALLOW_SELF_EDIT=1 escape hatch that preserves the repair path.

    Prompted by Andy Martin's review.

  • #2809 e216172 Thanks @IgorGanapolsky! - Bound the publish guard's pending-changeset exemption so a merged fix cannot sit unshipped behind a green check. publish-npm.yml already errored when shipped content changed since the last release tag without a version bump, but it exempted that error whenever any pending changeset existed — on the theory that "the next versioned publish will ship it." Nothing bounded until. On 2026-07-09 the deny-network-egress host-boundary fix merged to main while Publish to NPM reported success and published nothing, because a changeset for it existed; npm install thumbgate kept serving the vulnerable pattern and no check anywhere went red. The exemption now expires after MAX_UNRELEASED_DAYS (default 7), after which a pending changeset stops excusing the no-op and the workflow fails with an instruction to cut a release PR. The decision moves out of inline shell into scripts/release-window.js so it is unit-testable; tests/release-window.test.js pins the boundary and the 2026-07-09 regression.

  • #2698 1d1d6a3 Thanks @IgorGanapolsky! - Rename inline logo mark to v2 to bypass aggressive browser cache and immediately display the premium shield logo.

  • #2701 c3c2cc7 Thanks @IgorGanapolsky! - Rename the inline logo SVG asset to v3 and update all references to bust the browser logo cache.

  • #2519 1f28d7f Thanks @IgorGanapolsky! - Capture buyer abandonment reasons on the ThumbGate Pro checkout interstitial before redirecting to Stripe. Adds first-party telemetry for reason-not-buying choices and silent interstitial abandonment so checkout friction can be measured instead of guessed.

  • #2518 e14eea0 Thanks @IgorGanapolsky! - Bypass checkout interstitial when THUMBGATE_CHECKOUT_INTERSTITIAL_BYPASS is set to 1. Added /about page and Referrer-Policy header to static files. Updated dashboard chat intents to support listing blocked/prevented mistakes. Added local LLM config to stats payload.

  • #2769 f102e3d Thanks @IgorGanapolsky! - Fix broken checkout: 99 visitors hit /checkout/pro in 30 days, 0 converted. The interstitial form posted back to itself instead of redirecting to Stripe. Now bypasses the broken createCheckoutSession path and routes directly to the Stripe Payment Link. Bypass is enabled by default.

  • #2719 8c7cb49 Thanks @IgorGanapolsky! - Reduce Pro checkout friction by letting confirmed human clicks reach Stripe without requiring an email on the ThumbGate interstitial, while keeping bot deflection and adding a revenue doctor guard for deployed required-email drift.

  • #2708 60cb53f Thanks @IgorGanapolsky! - Require a valid buyer email before creating Pro Stripe Checkout Sessions so abandoned checkouts keep a recoverable contact path instead of generating unpaid no-contact sessions.

  • #2667 10bca99 Thanks @IgorGanapolsky! - Constrain checkout interstitial hidden attribution to an allowlist so arbitrary request query parameters cannot be reflected into server-rendered HTML.

  • #2520 b57b6d9 Thanks @IgorGanapolsky! - Add deterministic sampling for the ThumbGate Pro checkout interstitial when direct-to-Stripe bypass is enabled, preserving fast checkout for unsampled visitors while exposing a configured slice of human traffic to buyer-objection feedback capture.

  • #2789 6347fa6 Thanks @IgorGanapolsky! - Add the commercialization strategy: open-core (free permissive runtime as the adoption wedge; learned models + exporters + hosted behind a real paywall), fundable repricing (Team/Enterprise, token-insurance ROI), and an investor one-pager. Decision: do NOT relicense to FSL/BUSL now — the code is commoditized and the moat is data + hosted state; relicensing stays an option for later once there's adoption to protect. MOAT.md points to the new strategy doc.

  • #2528 b0457a2 Thanks @IgorGanapolsky! - seo: add /compare/cycode buyer-intent comparison page

    Action #5 from the 2026-06-05 LLM-citability deep-research: "X vs Y" comparison pages are what LLM answer engines (Perplexity, ChatGPT, Gemini, Claude, Grok) cite for buyer-intent "should I use A or B" queries. Cycode is the funded enterprise vendor anchoring the IDE-security category (Feb 2026 blog popularized PreToolUse / beforeMCPExecution / beforeReadFile naming); ThumbGate occupies the indie/MIT slot beneath them. Honest, non-hyperbolic comparison: enterprise platform vs MIT CLI; learning loop is the differentiator.

    Registered in seo-gsd inline list and prove-seo-gsd sitemap pin.

  • #2529 ca47841 Thanks @IgorGanapolsky! - seo: add /compare/claude-code-hooks-mastery (disler) buyer-intent comparison

    Companion to /compare/cycode. Per memory project_fiddler_competitive_positioning: ThumbGate's REAL competitor at the buyer-intent layer isn't funded enterprise vendors like Fiddler/Cycode — it's the free disler/claude-code-hooks-mastery repo (3,000+ stars). This page addresses the "why pay $19/mo when disler is free?" objection head-on: honest comparison of static example repo vs runnable CLI with learning loop. Same SEO-GSD pattern as /compare/cycode.

  • #2548 8eba5e6 Thanks @IgorGanapolsky! - seo: wire all live /compare pages into the comparison hub and homepage

    The /compare hub linked to only 4 of 13 live comparison pages, and the homepage compare strip to 4 — both hand-maintained lists that drifted every time a new buyer-intent page shipped. Flagship competitor comparisons (claude-code-hooks, arcjet, bumblebee, anthropic-containment, oak-and-sparrow-gatekeeper, anthropic-claude-for-legal) were live and in the sitemap but unreachable from the hub whose entire job is to list them, and the homepage's only link to the hub was display:none. That starves the highest-intent pages of internal link equity from the site's top-authority surfaces — directly counter to the GEO/buyer-intent goal those pages exist for.

    This makes the hub a complete index of every live comparison (framing grounded in each page's own subtitle, no overclaim), adds the top buyer-intent links plus a visible "Compare all" hub link to the homepage strip, and pins the contract with a regression test (/compare must link to every public/compare/*.html) mirroring the existing sitemap-completeness test so it cannot silently drift again.

  • #2594 df59c66 Thanks @IgorGanapolsky! - docs(compare): add /compare/sigmashake — honest ThumbGate vs SigmaShake (and APort, agent-guardrails) comparison targeting "SigmaShake alternative" search intent. Leads with ThumbGate's auto-learning wedge (one thumbs-down → a permanent rule) while conceding where SigmaShake is genuinely ahead (FORCE-substitution, ruleset-hub breadth, maturity). Website-only page; not in the npm bundle. Wired into the /compare index.

  • #2679 8aa6e3b Thanks @IgorGanapolsky! - Add public Headroom context-compression and sovereign coding model guardrail guides, plus LLM discovery links, so buyers comparing token compression or local coding models can find ThumbGate's pre-action enforcement layer.

  • #2631 beb9dd3 Thanks @IgorGanapolsky! - Include brand assets, statusbar SVGs, and buyer intent scripts in the packaged files to fix dashboard layout, broken thumbnails, and clickability for local npm installs. Bump package file count and size limits to accommodate these visual assets.

  • #2542 a0f79b1 Thanks @IgorGanapolsky! - Add a database-agent safety gate pack, harden SQL and migration pre-action checks, and publish a high-intent database safety guide for AI agents.

  • #2807 811635b Thanks @IgorGanapolsky! - Fix deny-network-egress matching every curl and wget regardless of destination. The pattern led with bare curl\s|wget\s alternatives, so the allowlist was never consulted for them and loopback probes such as curl http://localhost:9222 warned on every invocation, recording false-positive negative-feedback events. Detection now keys on the destination, with loopback (localhost, 127.0.0.1, [::1], 0.0.0.0) added to the allowlist. Each allowlist entry is also anchored to a hostname boundary, closing a bypass where open https://github.com.evil.com/x was silently exempt because an allowlisted host matched as a bare prefix.

  • #2740 be6a81b Thanks @IgorGanapolsky! - Fix deploy-scope silently skipping deploys when production has drifted behind main. A push with no runtime-serving file changes now still triggers a catch-up deploy when the live /health build SHA is positively confirmed behind HEAD; unknown/unreachable preserves the historical skip (fail-safe). Prevents production freezing many commits behind main (root cause of the /diagnostic 404 — prod was sitting 86 commits behind).

  • #2550 6f2458b Thanks @IgorGanapolsky! - chore(deps): bump protobufjs to ^8.5.0 (resolved 8.6.0), @lancedb/lancedb to ^0.30.0, @anthropic-ai/sdk to 0.100.1, @google/genai to 2.7.0, stripe to ^22.2.0

    Combined dependency bump consolidating dependabot PRs #2435/#2437/#2438/#2439/#2436 (all five passed targeted tests and were included). Single changeset satisfies the changeset:check gate that blocks lockfile-only dependabot PRs.

  • #2721 fee04eb Thanks @IgorGanapolsky! - Add a focused Workflow Hardening Diagnostic page with a tracked $499 diagnostic checkout path and deploy-gated route verification.

  • #2730 60b98b2 Thanks @IgorGanapolsky! - Fix the /diagnostic page header logo. It rendered a placeholder CSS letter-"T" monogram (<span class="mark">T</span>) — the only page on the site doing so — which read as unfinished on the paid $499 diagnostic landing page. Replace it with the real brand mark (/assets/brand/thumbgate-mark-inline-v3.svg), matching every other page, and simplify the .mark style to a self-framed 28×28 image.

  • #2615 132d626 Thanks @IgorGanapolsky! - feat(distribution): add 5 discoverable auto-triggering Claude Skills that wrap existing MCP tools — thumbgate-guard (capture + force-promote a mistake into an enforced block), thumbgate-rules (list active prevention/reliability rules + their lessons), thumbgate-blocked (gate_stats + enforcement_matrix), thumbgate-protect (branch governance + scoped approvals), and thumbgate-doctor (wiring health). They are the description-discovered companion to the /thumbgate-* slash-commands (#2611): same real MCP tools + CLI subcommands, no new product logic. Built to Anthropic's Agent Skills best practices (trigger-phrase descriptions with a "Do NOT use" over-trigger boundary, progressive disclosure via references/, a self-verify quality checklist). Also fixes three description antipatterns — solve-architecture-autonomy (replaced a 15-keyword over-broad description with narrow explicit triggers), agent-memory and thumbgate-brand-voice (added explicit trigger phrases + a Do-NOT clause). Guarded by tests/discoverable-skill-skills.test.js. Distribution is via the marketplace plugin ("skills": "./skills/"); npm files[] and the bundle ratchet are untouched.

  • #2570 c1b8653 Thanks @IgorGanapolsky! - Wave 7 of the post-Reddit credibility cleanup: removes 13 docs/ root launch-theater markdown files (REDDITGTM_PLAYBOOK, MAY_2026_REVENUE_MACHINE, MONETIZATION_EXEC_SUMMARY, X_AUTOMATION*, etc.) that read as bot-farmed AI-output. Updates VERIFICATION_EVIDENCE.md and tests/version-metadata.test.js so nothing breaks.

  • #2787 0329cee Thanks @IgorGanapolsky! - Documentation + landing-page truthfulness audit: align all public copy and docs with the product's real behavior.

    • Enforcement: reworded ~300 claims across README, landing page, all learn/, guides/, compare/ pages, and docs from false "physically blocks / cannot bypass / fails closed / blocks every repeat" to the accurate warn-by-default posture — ThumbGate flags and logs by default, hard-blocks only the catastrophic classes (secret exfiltration, destructive deletes, supply-chain) by default, and hard-blocks every rule under THUMBGATE_STRICT_ENFORCEMENT=1. "block" language retained only where true (catastrophic classes / strict mode).
    • Removed the unrelated Pretix/Hilltown Media Stripe-Connect consulting content from all public surfaces (meta, JSON-LD, about, learn, llms.txt) and deleted the Pretix case-study page.
    • Fixed the false free-tier "5-rule cap" → 3 (the canonical, test-enforced number); removed the fabricated "Most popular" badge; corrected internal docs that claimed "$20 booked revenue / first-dollar crossed" to the true 0 external customers.
    • Aligned moat copy with MOAT.md (hosted services, not a closed private "core"); marked regulated/enterprise claims (HIPAA/DORA/EU AI Act/SSO) as roadmap/available-on-request; fixed a stale 1.27.17 install version → 1.27.20; softened a "peer-reviewed" arXiv-preprint claim; removed retired X/Twitter links.
    • Updated the pinning tests (check-congruence, public-landing, public-static-assets) to assert the new truthful copy so CI enforces honesty going forward.
  • #2634 6ac5086 Thanks @IgorGanapolsky! - Report external customer revenue separately from owner/test Stripe activity in revenue status.

  • #2769 f102e3d Thanks @IgorGanapolsky! - Fix checkout conversion bug: 99 visitors hit /checkout/pro in 30 days, 0 paid. The server-side Stripe session creation was failing silently (env var not configured on Railway), causing the form to loop back to the interstitial instead of redirecting to Stripe. Changed the form action to link directly to the Stripe Payment Link, bypassing the broken server-side flow entirely.

  • #2624 5572bfb Thanks @IgorGanapolsky! - Fix the sticky Pay $499 diagnostic CTA so Stripe Checkout opens in the current tab instead of a fragile popup/new-tab flow.

  • #2601 3c78a19 Thanks @IgorGanapolsky! - Fix LangGraph wording overclaim in marketplace distribution pack and status dashboard copy. Docs/wording-only; no behavioral change.

  • #2652 2f578ea Thanks @IgorGanapolsky! - Sharpen public positioning so ThumbGate is framed as pre-action governance with reviewable evidence, not self-governance or passive logging.

  • #2682 f913c5f Thanks @IgorGanapolsky! - Add the Guardian/Ethicore policy-engine adapter and commercial-truth claim gates so ThumbGate can normalize external policy verdicts into local pre-action enforcement and require source-of-truth evidence before agents claim money, tax, checkout, inventory, permission, or customer-facing state is fixed or verified.

  • #2589 b485f6d Thanks @IgorGanapolsky! - fix(health): report the actually-deployed commit in /health buildSha. On the Railway GitHub-connected service the baked config/build-metadata.json is the committed null placeholder and RAILWAY_SYNC_VARIABLES is off, so THUMBGATE_BUILD_SHA never updated and /health reported a months-old commit while newer code was live — which also made the deploy workflow's build-SHA verification gate fail on every run. resolveBuildMetadata now reads Railway's per-deploy RAILWAY_GIT_COMMIT_SHA (ground truth for GitHub-connected deploys) ahead of the drift-prone THUMBGATE_BUILD_SHA, while a properly baked file SHA still wins when present.

  • #2625 cfdadf8 Thanks @IgorGanapolsky! - Add Hermes Agent guardrails positioning, compatibility entry points, and a public guide for self-improving agent workflows.

  • #2635 8706f06 Thanks @IgorGanapolsky! - Position Hermes-style self-evolution as safer reviewed rule and skill-change proposals instead of silent instruction overwrites.

  • #2612 f555423 Thanks @IgorGanapolsky! - Rewrite the landing-page hero lede to lead with the concrete mechanism instead of a vague benefit claim. Replaces "AI agents will always hallucinate… we make their mistakes harmless" with what actually happens — ThumbGate blocks the specific dangerous tool call (rm -rf, force-push to main, leaked key, DROP on prod) in the PreToolUse hook before the shell runs it, and a thumbs-down becomes a prevention rule that stops the agent repeating it.

  • #2637 4884d89 Thanks @IgorGanapolsky! - Recognize hosted funnel telemetry as implemented tracking in the revenue status report.

  • #2623 32684c1 Thanks @IgorGanapolsky! - Make agentic development cycle cards clickable on landing page.

  • #2622 936af49 Thanks @IgorGanapolsky! - Delete broken skool asset symlinks to unblock Railway deployment.

  • #2620 367424d Thanks @IgorGanapolsky! - Serve static /media/ assets route to fix broken demo GIF in landing pages.

  • #2696 28392bc Thanks @IgorGanapolsky! - Improve test coverage for Reddit browser notification watch script and publisher credential guards.

  • #2746 cd54bc7 Thanks @IgorGanapolsky! - Add an owned /install buyer path that consolidates live ThumbGate distribution surfaces, verified install commands, marketplace status, and the paid Workflow Hardening Diagnostic CTA.

  • #2664 7d350f1 Thanks @IgorGanapolsky! - Harden analytics JSON responses against HTML interpretation by adding nosniff headers and neutralizing HTML-significant telemetry strings.

  • #2530 b7b0dda Thanks @IgorGanapolsky! - Add paid conversion paths to the high-traffic persistent-memory article so readers can move from the free install path into Pro checkout, the workflow diagnostic, or the workflow intake without hunting for pricing.

  • #2770 e729195 Thanks @IgorGanapolsky! - Serve the Hermes founding beta / Leash Pro pricing landing at /leash-beta with deploy-verify sentinel coverage.

  • #2742 db60efd Thanks @IgorGanapolsky! - Add a retrieval-time superseding filter to lesson retrieval. Same-topic lessons are now collapsed before final selection: duplicates drop to the higher-ranked one, and contradictions (opposite signal on the same rule/topic) keep the most recent — which supersedes the stale one. This prevents "context poisoning," where an agent could be handed two contradictory lessons (e.g. "never force-push" and "force-push is fine") at equal relevance. Conservative by design (distinct lessons are never merged); affects only lesson retrieval, not the hard gate rules.

  • #2753 f1e5011 Thanks @IgorGanapolsky! - Trust hardening of the published npm artifact. verifyLicense() now only considers THUMBGATE_-prefixed env vars as license candidates — it previously scanned every *_API_KEY / *_PRO_KEY env var, so an unrelated vendor's secret could be picked up as a license key — and its result object no longer carries the raw key value (callers only ever needed the boolean/source). The owner-email allowlist is no longer hardcoded in the shipped bundle: set THUMBGATE_OWNER_EMAILS (comma-separated) to classify owner traffic, matching the existing convention in external-customer-audit. The near-duplicate scripts/bot-detector.js is consolidated into scripts/bot-detection.js, which now also exports classifyVisitor, shouldExcludeFromAnalytics, and botFilterMiddleware, with the legacy crawler patterns merged into the unified BOT_PATTERNS list.

  • #2751 4e523cf Thanks @IgorGanapolsky! - fix(mcp): stop reinstalling thumbgate@latest on every MCP server launch. The serve entry now fast-starts from the installed runtime and resolves @latest via npx only when the runtime is absent — matching the hook commands. Removes a per-launch blocking npm install that could hang or fail server startup on slow/offline networks (agents saw the server / capture "time out").

  • #2724 5d927e0 Thanks @IgorGanapolsky! - Add npx thumbgate diagnostic so npm/CLI users can reach the $499 Workflow Hardening Diagnostic intake and checkout paths directly from the package.

  • #2733 2859021 Thanks @IgorGanapolsky! - Add Memora-style nucleus (top-P) "decide when to stop" filtering to per-action lesson retrieval. Operators can set THUMBGATE_RETRIEVAL_TOP_P (or pass options.topP) to trim the low-relevance tail so a single dominant lesson isn't padded out to maxResults — fewer tokens stuffed into each PreToolUse warning and retrieve_lessons call. Off by default (topP=1.0 is a no-op, so existing behaviour is unchanged). Also fixes the previously dead, mis-normalized filterTopP (now scale-free with a minKeep floor) and removes a duplicate calculateRetrievalEntropy definition.

  • #2669 99cd471 Thanks @IgorGanapolsky! - Stop reflecting OAuth authorization query parameters into the browser consent page by storing pending authorization requests behind a short-lived opaque nonce.

  • #2671 02de749 Thanks @IgorGanapolsky! - Escape the OAuth consent nonce before rendering it into the hidden form attribute so the hosted connector authorization page remains explicit about its HTML boundary.

  • #2699 06ff2fe Thanks @IgorGanapolsky! - Optimize inline brand logo (shield and thumbs-up) size, stroke-width, and transparency inside navigation headers to prevent blurriness and increase contrast on dark themes.

  • #2674 ee14437 Thanks @IgorGanapolsky! - Patch transitive audit advisories by pinning the Changesets YAML parser and agent-runtime protobuf parser chains to non-vulnerable versions.

  • #2818 c0d9a06 Thanks @IgorGanapolsky! - Fix a deadlock that prevented npm run pr:manage from ever queuing a PR whose only outstanding check was the merge queue's own. Trunk Merge Queue (main) stays pending until a PR enters the queue, and summarizeChecks() bucketed every check — including that one — so pr-manager refused to submit while "1 quality check is still pending." The guard waited on its own output. Twelve Dependabot PRs sat stuck this way for up to 25 days with all seven required checks green. config/merge-quality-checks.json now carries a selfReferentialChecks list, and summarizeChecks() skips those names. Genuine pending or failing quality checks still block, verified by test.

  • #2527 7bfe020 Thanks @IgorGanapolsky! - Reduce pricing-page checkout friction by sending Pro CTAs directly to the confirmed checkout path where Stripe collects email, while preserving bot-safe interstitial protection and adding first-party pricing page/CTA telemetry.

  • #2557 d6cb6db Thanks @IgorGanapolsky! - Pricing surface hygiene: remove dead .price-card.team-card CSS left over from the retired Team tier (no element references it; the Enterprise card uses .enterprise-card), and correct the stale verify-pricing-surfaces skill so it stops flagging the intentionally plausible-only checkout interstitial as a missing-analytics bug. Prices corrected to $0/$19/$149 and the real checkout health signal (302 → live Stripe) documented.

  • #2642 2debbb5 Thanks @IgorGanapolsky! - Complete the Team-tier retirement across the public marketing surface. The buyer-facing pricing page retired the Team tier in favor of Free/Pro/Enterprise (#2488, #2557), but 50 SEO/comparison/guide pages still advertised the dead Team $49/seat/mo tier, and several tests still asserted it as "current." This sweeps every public page from Team $49/seat/mo to the live Enterprise third tier (keeping Pro $19/mo or $149/yr), and updates the page-copy assertions in seo-guides.test.js and competitive-positioning-marketing.test.js to match.

    Scope note: this is the buyer-facing copy reconciliation only. The dormant Team SKU still wired into the Stripe catalog, the planId=team checkout path, and the 24 active $49 Stripe prices (0 customers ever) are intentionally left untouched here — that billing-infra decommission is a separate change.

  • #2796 a01ba56 Thanks @IgorGanapolsky! - Email the operator when a customer activates ThumbGate Pro locally. The CLI now pings the hosted activation endpoint with the Pro key only as Bearer auth, while the hosted server validates the billing key and sends a secret-safe owner alert containing only a key fingerprint and activation metadata.

  • #2803 140a761 Thanks @IgorGanapolsky! - Route confirmed /checkout/pro bypass traffic to the Pro $19/mo Stripe Payment Link instead of the $1 first-failure-rule product, and tighten public conversion copy around the enterprise AI-agent governance buyer.

  • #2805 d8645e0 Thanks @IgorGanapolsky! - Align Pro and Enterprise packaging copy across checkout, pricing, public pages, LLM context, and CLI receipts. Pro is personal recall, dashboard proof, exports, and managed adapters; Enterprise is shared hosted lessons, org visibility, and rollout support.

  • #2759 dc18cbb Thanks @IgorGanapolsky! - Add ThumbGate Pro tier section to README with Stripe payment link. Lists Pro features (team-wide policies, centralized feedback memory, budget monitoring, priority support) and links to the $19/month payment page.

  • #2668 d7d41ba Thanks @IgorGanapolsky! - Route public HTML detail pages through server-built slug allowlists and sanitize forwarded hosts before rendering HTML or OpenAPI metadata.

  • #2662 0b3b4a1 Thanks @IgorGanapolsky! - Keep Cloudflare Worker maintenance changes out of the Railway deploy scope while preserving Railway deploys for root runtime dependency and serving-surface changes.

  • #2749 86ed0cb Thanks @IgorGanapolsky! - docs(readme): add a "Who builds ThumbGate — and hiring me" section that routes the repo's qualified readers to the maintainer's freelance/contract availability (payments, AI agents, Android). Repositions ThumbGate's credibility as a lead source per the Option-C monetization analysis; no code or runtime behavior change.

  • #2735 11585b4 Thanks @IgorGanapolsky! - Never block read-only observability tools on the pending PR-thread-resolution gate. After any PR-branch commit, the gate previously denied every subsequent tool call — including pure reads like get_business_metrics, dashboard, and describe_semantic_entity — with "a git commit was made on a PR branch." That blinded operators to their own revenue/metrics mid-PR while doing nothing for safety (a read cannot advance a readiness claim or mutate state). Read-only tools (sourced from the canonical readonly MCP profile) are now exempt; mutating tools and file edits stay gated.

  • #2560 26a9752 Thanks @IgorGanapolsky! - Remove internal AI-orchestration files from the public repo after they were called out on Reddit r/devops on 2026-06-06 as "vibe-coded" / bot-like:

    • .claude/implementation-notes/ — internal decision/postmortem docs leaking founder sentiment + revenue state
    • .claude/ralph/ATTEMPTS.md — task list including "ready-to-post for Reddit, HN, Discord"
    • .github/workflows/ralph-*.yml + social-engagement-hourly.yml — hourly social-posting cadence evidence
    • docs/marketing/reddit-posts/ — literal draft post copy

    Adds .gitignore entries, a pre-commit guard in .githooks/pre-commit, and a CI test (tests/no-internal-orchestration-leaks.test.js) so these path families cannot be re-introduced. Note: this only prevents future leaks — the content is still in git history; nuclear history-rewrite is a separate decision.

  • #2608 50e5697 Thanks @IgorGanapolsky! - Security: redact secrets at capture-time and export-time so ThumbGate never stores or ships a
    credential. Adds a single canonical helper scripts/secret-redaction.js (covers Stripe
    sk_live_/sk_test_/rk_live_/rk_test_/whsec_, AWS access keys, GitHub/Slack/Google/Anthropic/OpenAI
    keys, JWTs, bearer tokens, PEM private-key blocks, and generic key=value secret assignments;
    Stripe publishable pk_live_ keys are intentionally preserved as public).

    It is wired into the conversation-capture writers — feedback-history-distiller (the
    conversation-window.jsonl writer, which was the incident vector), lesson-inference (lesson
    writer), and self-distill-agent (run manifest) — so a pasted key is redacted before it lands on
    disk, and into the export-dpo-pairs and export-databricks-bundle exporters so published/shared
    datasets cannot leak captured secrets (the DPO redaction also cleans the HF preferences split).
    Prompted by a 2026-06-10 incident where a live Stripe sk_live_ key was found in plaintext in
    .thumbgate/conversation-window.jsonl.

    Note: the feedback-log.jsonl / memory-log.jsonl writers in feedback-loop.js are covered at
    the export boundary (both exporters redact when reading them); adding at-rest redaction inside
    feedback-loop.js is deferred to a follow-up because that file carries unrelated pre-existing
    SonarCloud findings that would block this security PR's quality gate.

  • #2697 c25724c Thanks @IgorGanapolsky! - Refactor Reddit browser notification watch script to reduce cognitive complexity and resolve SonarCloud issues.

  • #2785 adfbcec Thanks @IgorGanapolsky! - Release 1.27.20 — ship a complete npm tarball.

    Published 1.27.19 was cut from an untracked working directory and omitted 32 files (including scripts/feedback-sanitizer.js), which crashed the UserPromptSubmit hook on every prompt. This release publishes the full file set from main through CI (tagged, provenance-signed) and includes the pack-integrity regression guard so an incomplete tarball can never publish again.

  • #2773 6f6b022 Thanks @IgorGanapolsky! - Remove budget gates from the PreToolUse hook path (self-lockout fix). A stale ~/.thumbgate/budget-state.json (session_start never reset across sessions) permanently blocked every Bash/Edit/Write call — including the edits needed to repair the gate itself. The hook no longer consults budget gates at all; spend tracking remains advisory-only. evaluateBudget() is now advisory by default (deny requires explicit THUMBGATE_BUDGET_ENFORCE=1), auto-resets state older than 2× the time cap, and scopes state to a sessionId when provided. Regression test tests/hook-no-budget-lockout.test.js spawns the real hook with poisoned budget state and asserts it can never block.

  • #2754 8f28fe4 Thanks @IgorGanapolsky! - Remove internal operator report, proof-artifact, and memory-log directories from the public repository, and extend the leak gate (gitignore, pre-commit hook, CI test) so they cannot return. Public guide/compare pages and the pro/landing templates now point their evidence links at docs/VERIFICATION_EVIDENCE.md instead of tracked proof-report JSON files.

  • #2559 d4f6774 Thanks @IgorGanapolsky! - chore: remove orphaned scripts/feedback-aggregate-stats.js (+ its unit test). The statusline aggregation that ships is feedback-aggregate.js (computeAggregateFeedbackStats); the feedback-aggregate-stats module from PR #2545 was superseded by a parallel implementation that landed concurrently and is referenced nowhere. Dead code removed; bundle file count decreases (within existing ceilings).

  • #2560 26a9752 Thanks @IgorGanapolsky! - Repo credibility cleanup wave 1, after Reddit r/devops thread (2026-06-06) called the project out as a "vibe-coded" bot operation. Removes 22 social/marketing/orchestration GitHub workflows (linkedin/reddit/zernio/instagram/video dispatchers, daily-revenue-loop, gtm-autonomous-loop, weekly-social-post, reply-monitor, social-analytics-poll, etc.) and 6 root-level launch-theater markdown files (LAUNCH.md, LAUNCH_NOW.md, LAUNCH_POSTS.md, FIRST_CUSTOMER_BATTLE_PLAN.md, ALL_ENHANCEMENTS_COMPLETE.md, TEST_EVIDENCE_E2E_HYBRID_CLAW.md). Extends the pre-commit guard and CI test to permanently block re-introduction of either path family. Workflow count: 52 → 30. Tracked-line delta: -3164.

  • #2538 8117974 Thanks @IgorGanapolsky! - Add a shared owned-site revenue assist on high-traffic ThumbGate pages with Pro checkout, workflow diagnostic CTAs, and Plausible abandonment-reason telemetry so buyer objections can be measured before Stripe checkout.

  • #2562 fa0155f Thanks @IgorGanapolsky! - Tighten public repo hygiene and revenue observability: remove tracked internal agent scratchpads/social automation artifacts, add CI guards against reintroducing them, schedule Stripe checkout diagnostics on main, document canonical analytics/search-console env, and surface Google Search Console generative-AI visibility readiness in the revenue rollup.

  • #2644 a89d7c9 Thanks @IgorGanapolsky! - Register the diagnostic and workflow sprint tracked offer routes and auto-list guide pages in the sitemap so paid CTAs and AI-search guide pages stay discoverable.

  • #2700 38ab7d4 Thanks @IgorGanapolsky! - Revert the brand logo assets to the original TG gate monogram design to align with the branding displayed on Stripe checkout pages.

  • #2632 ddc17f3 Thanks @IgorGanapolsky! - Route the sticky workflow-help CTA to intake instead of a blind $499 diagnostic checkout.

  • #2725 92b7f41 Thanks @IgorGanapolsky! - Redact billing:setup operator keys by default so revenue readback setup no longer leaks live secrets into agent transcripts or shell logs.

  • #2627 4c533ed Thanks @IgorGanapolsky! - Surface the self-improving positioning visibly on the landing page (it was only in structured-data before). The "three steps" section now leads with "Self-improving enforcement" and a subhead clarifying the axis — self-improving for safety, not capability: every 👎 compiles into a hard rule, and each rule regression-tests itself so it blocks the repeat, never the safe action.

  • #2523 e3a2452 Thanks @IgorGanapolsky! - seo: add canonical PreToolUse / beforeMCPExecution / MCP tool-call gating guide

    Targets the Cycode-owned IDE-security lexicon (PreToolUse hook, beforeMCPExecution, beforeReadFile, beforeSubmitPrompt) so ThumbGate occupies the indie/MIT slot beneath funded enterprise vendors in LLM answer-engine citations (Perplexity, ChatGPT, Gemini, Claude, Grok) for buyer-intent queries like "how do I stop Claude Code from running dangerous commands". Verified-absence finding in the 2026-06-05 deep-research report: ThumbGate is currently invisible in awesome-mcp-servers, the General Analysis enterprise guardrails roundup, and the Cycode-anchored category lexicon. This page fills the lexicon gap.

    New route: /guides/claude-code-pretooluse-hook. Registered in the seo-gsd build list and the prove-seo-gsd sitemap pin. No new dependencies, no public-bundle-ratchet impact.

  • #2792 ad57632 Thanks @IgorGanapolsky! - Add signed-entitlement boundary (the real paid-tier protection). New scripts/entitlement.js verifies Ed25519-signed license tokens offline (tier, features, expiry, customer id, key id, signature) against a shipped public keyset; requireEntitlement(feature) gates paid features — advisory by default, enforced via THUMBGATE_ENFORCE_ENTITLEMENTS=1. The DPO/HuggingFace/Databricks exporters now call the gate. Replaces the bypassable tg_/tg_pro_ prefix check: fake prefix keys and tampered/expired/wrong-key tokens all fail verification (proven in tests/entitlement.test.js). The private signing key never ships (hosted billing secret / local gitignored dev key only).

  • #2521 054c10d Thanks @IgorGanapolsky! - GEO: /sitemap.xml now auto-includes every public/compare/*.html comparison page (derived from the filesystem instead of a hand-maintained list, so pages can no longer silently fall out of the sitemap), and the ThumbGate-vs-Rein comparison and Agent Manager landing pages gained FAQPage structured data — making them eligible to surface in AI Overviews / AI Mode and discoverable by AI answer engines on their buyer-intent queries.

  • #2695 bf739a7 Thanks @IgorGanapolsky! - Fix premium landing page logo rendering and statusline test telemetry timeout.

  • #2564 5d84509 Thanks @IgorGanapolsky! - Harden PreToolUse enforcement against helper-script and package-script bypasses by correlating recent helper writes with later risky execution chains.

  • #2549 10f8585 Thanks @IgorGanapolsky! - Statusline now aggregates across every live statusline_cache.json so the displayed thumbs-up/down reflects the user's true totals instead of whichever folder happens to be cwd. On a host with multiple per-project caches the same product was previously showing 74% / 20% / 0% approval depending on cwd; the aggregated readout is the correct cross-folder total. Cache writes remain per-folder so attribution is preserved; opt out of aggregation with THUMBGATE_STATUSLINE_AGGREGATE=0.

  • #2545 109968c Thanks @IgorGanapolsky! - fix(statusline): aggregate feedback across all stores so the statusline shows the true cross-project total instead of only the slice for the folder it runs in. Previously the statusline read a single resolved feedback store, so it could show 8👍/0👎 in one repo while ~150 thumbs-down lived in another project's store. Adds a read-only cross-store sum (deduped by feedback id) over the global stores + the active project; opt back to per-folder counts with THUMBGATE_STATUSLINE_SCOPE=project. Capture/write path unchanged.

  • #2554 dcc8d66 Thanks @IgorGanapolsky! - Fix statusline display showing inflated thumbs counts (e.g. 1152↑/747↓ when the true cross-store total was 727↑/600↓). scripts/statusline-cache-read.js was summing thumbs_up/thumbs_down across every per-folder statusline_cache.json, but the canonical global aggregate at ~/.thumbgate/statusline_cache.json is itself written as the cross-store sum (by feedback-aggregate.js). Summing the aggregate plus the per-folder caches counted every event twice. The helper now resolves the highest-priority existing cache and returns its content unchanged.

  • #2558 e0d4cd1 Thanks @IgorGanapolsky! - Add a true end-to-end test that spawns scripts/statusline-local-stats.js as a child process and proves cross-store feedback aggregation (deduped by id), the project-scope opt-out, and the zero-store case.

  • #2549 10f8585 Thanks @IgorGanapolsky! - Fix ThumbGate statusline, dashboard, feedback stats, and local chat reads to aggregate known feedback stores instead of showing only the current folder's slice. The statusline now prefers a global aggregate cache, dedupes feedback by id across active, parent, and global project stores, and keeps a local-only opt-out with THUMBGATE_STATUSLINE_AGGREGATE=0.

  • #2522 3989ee5 Thanks @IgorGanapolsky! - ci: wire codex marketplace pack regeneration into sync-version.js

    The codex marketplace pack (docs/marketing/codex-marketplace-revenue-pack.md)
    embeds the release version in a releases/download/v<VERSION>/ URL, but was
    not a sync-version target — so every release tripped the
    "checked-in Codex marketplace pack stays in sync with the generator output"
    test (caught on 1.27.3, 1.27.4/1.27.6, would have caught every future bump).

    Fix: add a POST_SYNC_GENERATORS step that, after the simple field-level
    version sync, invokes registered regenerator scripts (currently just
    scripts/codex-marketplace-revenue-pack.js --write-docs). On --check the
    generators are skipped (the existing per-generator test catches drift); on a
    real sync they run and re-emit the pack with the new version. Generator
    failures are logged as warnings, never break the version sync — the
    per-generator test is still the source of truth.

    Live-verified by simulating 1.27.6 → 1.27.7: pack URL auto-updated from
    v1.27.6/...zip to v1.27.7/...zip and the codex test passes 10/10.

    Co-Authored-By: Claude Opus 4.8 noreply@anthropic.com

  • #2578 96f5d11 Thanks @IgorGanapolsky! - Add THREAT_MODEL.md — an honest, public statement of what the PreToolUse hook enforces (policy + observability layer) versus what it cannot contain (execution one layer down: curl|bash, write-then-run, package-script wrappers, subprocess handoff), and the recommended architecture of pairing the policy layer with an OS/sandbox containment boundary. Documents the shipped stateful-helper-script-bypass gate as defense-in-depth, not a containment substitute. Answers the r/devops review of the enforcement model.

  • #2703 306ee02 Thanks @IgorGanapolsky! - Repair ThumbGate 1.27.15 plugin distribution metadata across Cursor, Codex, Claude, OpenCode, VS Code, MCP server cards, and public version surfaces. Add a Cursor Marketplace doctor that separates local bundle readiness from public listing approval, document the current non-live Cursor listing truth, reinstall the repo-local Codex plugin at 1.27.15, remove obsolete Zernio-only tests from the aggregate release suite, and add Z.ai helper exports used by the revenue automation smoke checks.

  • #2592 2d887de Thanks @IgorGanapolsky! - Add animated demo GIF to homepage hero; web asset only.

  • #2593 ec21c78 Thanks @IgorGanapolsky! - Add homepage section answering 'why not write my own hooks'; web copy only.

  • #2595 41299ac Thanks @IgorGanapolsky! - Add /compare/snowflake-cortex-agents comparison page and seo-gsd supporting entries.

  • #2596 e2df6f8 Thanks @IgorGanapolsky! - Clarify README local-first retrieval wording to remove overclaim; docs-only, no behavior change.

  • #2640 a2864e4 Thanks @IgorGanapolsky! - Add vLLM serving guardrails positioning for self-hosted model-routing rollouts.

  • #2654 155d86d Thanks @IgorGanapolsky! - Patch worker development dependencies to remove npm audit findings and add CI/Dependabot coverage for worker dependency vulnerabilities.

  • #2790 c11d1f4 Thanks @IgorGanapolsky! - Security: complete HTML-attribute escaping to close reflected XSS (CodeQL js/reflected-xss #252). escapeHtmlAttribute() now escapes single quotes and backticks in addition to & " < >, so a ?email search param reflected into the checkout page's value="..." attribute can no longer break out of the attribute context (and CodeQL recognizes it as a full sanitizer). Adds tests/xss-checkout-escape.test.js.

Verification Standard

  • Publish only runs from main after version sync, tests, and runtime proof pass.
  • The npm package is smoke-tested after publish by installing thumbgate@VERSION in a clean runtime.
  • GitHub Release notes are generated from Changesets, not only GitHub auto-generated PR titles.