[email protected]

Release Links

• npm: https://www.npmjs.com/package/thumbgate/v/1.18.0
• GitHub Release: https://github.com/IgorGanapolsky/ThumbGate/releases/tag/v1.18.0
• Compare: https://github.com/IgorGanapolsky/ThumbGate/compare/v1.17.0...v1.18.0
• Publish workflow: https://github.com/IgorGanapolsky/ThumbGate/actions/runs/25766661646
• npm published at: 2026-05-12T22:46:42.936Z
• npm shasum: 4b8ea36ff65f0f3640ce9caafbe6070f1f8721cc
• npm tarball: https://registry.npmjs.org/thumbgate/-/thumbgate-1.18.0.tgz
• Release ref: bf655f434461987f3324524fdbd020ee8b1e55ba

npm Email Companion

npm controls the native "Successfully published" email template, so the email itself stays short. Treat this generated artifact as the full release-note companion for that email: it carries the Changeset summaries, CHANGELOG entry, publish workflow, npm tarball, and shasum when available.

Full Changeset Release Notes

No changed .changeset/*.md entries were detected for this release range.

CHANGELOG.md Entry

1.18.0

Minor Changes

• #1877 879e8bf Thanks @IgorGanapolsky! - Fix the actual conversion leak: rewrite the /checkout/pro interstitial from a 7-option paradox-of-choice page ("Choose the right paid path. Book $499 diagnostic / Start $1500 sprint / Pay in Stripe / Pay $99 teardown / Pay $19 quick read / Pay $1 first rule / Send workflow first / See options") into a focused Pro confirmation page with trust signals ("Start ThumbGate Pro $19/mo" + 4 verified-customer trust bullets + a single primary "Pay $19/mo with Stripe →" button), with the other 6 paid paths collapsed into a <details> "Other paid paths" disclosure. Remove the confirm=1 bypass from the landing-page Upgrade-to-Pro link so the buyer sees the trust handoff before hitting the bare Stripe form. Verified funnel: 297 checkout starts → 4 paid in 30d (1.3%, vs. 5-15% industry norm) — this addresses the actual leak the audits kept pointing at.

• #1910 4a0fbdb Thanks @IgorGanapolsky! - Add /go/teams to the tracked-link redirector — was returning HTTP 404 + "Tracked link not found" since the slug wasn't registered in TRACKED_LINK_TARGETS. Real impact: Aiventyx marketplace's Teams listing (5 clicks on 8 views ≈ 62% CTR — our strongest-performing external listing) had every click landing on a 404 page after our integrator swapped to the canonical https://thumbgate.ai/go/teams?utm_source=aiventyx&... URL. Now redirects to /checkout/pro with plan_id=team&seat_count=3&billing_cycle=monthly defaults — the 3-seat ($147/mo) self-serve Stripe Team checkout path. UTM params from caller flow through (Aiventyx-attributed clicks remain traceable end-to-end into Stripe). Two regression tests added pinning the redirect contract.

• #1881 28aefae Thanks @IgorGanapolsky! - Fix the activation loop: a single 👎 now auto-promotes a working gate. Lowered WARN_THRESHOLD in scripts/auto-promote-gates.js from 2 → 1. Block escalation (BLOCK_THRESHOLD = 3) is unchanged, so noise doesn't auto-hard-block. Also expands HIGH_RISK_TAGS in scripts/feedback-to-rules.js to match the tag vocabulary inferSemanticTags() actually emits (destructive, force-push, delete, drop, production, database, payment, credentials, secrets, data-loss, etc.) so the high-risk-tag fast-path also triggers on first capture for matching destructive patterns. Cold-buyer experience was: install → give 1 👎 → "No domain has reached the threshold (2) yet" → bail. After this fix: install → give 1 👎 → gate auto-* with action: warn is live, visible in npx thumbgate gate-stats. Updates tests/auto-promote-gates.test.js to pin the new 1/3 contract.

• #1877 879e8bf Thanks @IgorGanapolsky! - Open the Team-tier self-serve checkout path. The Stripe price ID (STRIPE_PRICE_ID_TEAM_MONTHLY), the server-side checkout session creator, and the plan_id=team&seat_count=N URL routing were already fully wired — the landing page just hadn't exposed a button. The Team pricing card now leads with "Start 3-seat Team — $147/mo" (a direct /checkout/pro link that creates a Stripe subscription session via the existing createCheckoutSession flow), with the Workflow Hardening Sprint intake demoted to a secondary qualification path. Engineering Managers can now swipe a card without booking a sales call.

Patch Changes

• #1878 e788db7 Thanks @IgorGanapolsky! - Add docs/marketing/buyer-leads-2026-05-11.md: 16 named GitHub-user leads with verifiable issue quotes, tier classification (Pro / Team / Sprint), and personalized 3-sentence reply drafts. Built from gh api search/issues queries against four failure patterns ThumbGate solves: agent destructive ops, hallucinated content/imports, force-push/branch-rename mistakes, and PreToolUse hook gaps. CEO-only outreach (auto-posting still locked per 2026-04-21 directive); UTM tagging scheme defined for per-lead conversion attribution.

• #1380 734f5e6 Thanks @dependabot! - Bump @huggingface/transformers from 4.1.0 to 4.2.0 to keep the shipped runtime dependency set current under ThumbGate's audited release flow.

• #1845 85d640f Thanks @dependabot! - Bump @changesets/changelog-github from 0.6.0 to 0.7.0 to keep the shipped build and test dependency set current under ThumbGate's audited release flow.

• #1910 4a0fbdb Thanks @IgorGanapolsky! - Add an offline feedback-quality eval that reports JSONL signal quality, SQLite lesson coverage, and LanceDB retrieval-export metrics without adding runtime ML dependencies.

• #1527 58e63d4 Thanks @IgorGanapolsky! - Clarify the GTM operator handoff by surfacing aggregate GitHub-ready prospect counts and explaining how GitHub leads are split across self-serve, production-rollout, and seed-stage buckets.

• #1522 7b87c81 Thanks @IgorGanapolsky! - Add a flat marketplace submission sheet to the GTM revenue loop so operator-ready listing surfaces can be exported from the same evidence-backed copy pack and variant metadata.

• #1877 879e8bf Thanks @IgorGanapolsky! - Rewrite the Pro pricing card from feature-bullets to outcome-claims. Each bullet now leads with what the buyer gets ("Block every repeat mistake", "Never re-explain a correction", "Ship hardened agents to production") before stating the mechanism that delivers it. Sub-headline tightened from "For builders who want proof, exports, and unlimited local learning" to "Stop paying tokens to re-correct the same agent mistake across sessions." Tier label simplified from "Solo Pro" to "Pro" — solo-buyer framing was a self-imposed ceiling. All existing test substrings preserved.

• #1901 ff9b17a Thanks @IgorGanapolsky! - Fail confirmed revenue email dispatches when Resend rejects the send. This prevents revenue workflows from recording a successful run when the provider returns an API error such as an unverified sender domain.

Verification Standard

• Publish only runs from main after version sync, tests, and runtime proof pass.
• The npm package is smoke-tested after publish by installing thumbgate@VERSION in a clean runtime.
• GitHub Release notes are generated from Changesets, not only GitHub auto-generated PR titles.