[email protected]

Release Links

• npm: https://www.npmjs.com/package/thumbgate/v/1.5.0
• GitHub Release: https://github.com/IgorGanapolsky/ThumbGate/releases/tag/v1.5.0
• Compare: https://github.com/IgorGanapolsky/ThumbGate/compare/v1.4.6...v1.5.0
• Publish workflow: https://github.com/IgorGanapolsky/ThumbGate/actions/runs/24420027751
• npm published at: 2026-04-14T19:59:44.911Z
• npm shasum: 9cf4516aa205383eb17741d59292641c1125ba8b
• npm tarball: https://registry.npmjs.org/thumbgate/-/thumbgate-1.5.0.tgz
• Release ref: d81836cd3768ad0d5d754935318baf1f05686a94

npm Email Companion

npm controls the native "Successfully published" email template, so the email itself stays short. Treat this generated artifact as the full release-note companion for that email: it carries the Changeset summaries, CHANGELOG entry, publish workflow, npm tarball, and shasum when available.

Full Changeset Release Notes

No changed .changeset/*.md entries were detected for this release range.

CHANGELOG.md Entry

1.5.0

Minor Changes

• #815 9211b17 Thanks @IgorGanapolsky! - Agent-first CLI experience: add --json flag to all commands, thumbgate status health check, thumbgate explore subcommands (lessons/rules/gates/firings), output context signals ([LOCAL], [ACTIVE], [LEARNING], [BLOCKED], [ALLOWED]), and thumbgate demo simulated walkthrough. AI agents can now programmatically check gate status, search lessons, and introspect ThumbGate state.

• #812 66277a7 Thanks @IgorGanapolsky! - Add autonomous four-hour marketing autopilots for text, video, Reddit, Dev.to, and Zernio-backed distribution with cached deduplication state.

• #805 82a5849 Thanks @IgorGanapolsky! - Steal Cloudflare CLI ideas: schema-first help, --json everywhere, --local/--remote

  Three improvements stolen from Cloudflare's CLI architecture post:

  1. Schema-first CLI (scripts/cli-schema.js)
  Single source of truth for all CLI command metadata. help() is now generated
  from the schema rather than hardcoded console.log lines. Each command declares
  its name, description, flags (with types), group, and MCP tool binding.
  Adding a new command in cli-schema.js auto-updates help output and the explore
  TUI command browser.

  2. --json everywhere

  • thumbgate stats --json → structured payload with total, positives, negatives,
    approvalRate, recentTrend, revenueAtRisk, topTags, recentActivity
  • thumbgate gate-stats --json → all gate engine metrics except the full gates
    array (add --verbose to include it)
  • thumbgate doctor --json already existed; now documented in schema

  3. --local / --remote flag on lessons

  • thumbgate lessons --local (default) uses the local JSONL/SQLite store
  • thumbgate lessons --remote fetches from the hosted Railway instance at
    GET /v1/lessons/search?q=...&limit=... — same response shape
  • Respects THUMBGATE_API_URL env var for custom deployments

• #707 03c26b9 Thanks @IgorGanapolsky! - Add context-stuffing mode: dump all lessons into agent context bypassing RAG. New MCP tool context_stuff_lessons.

• #789 258f7ef Thanks @IgorGanapolsky! - Add cross-encoder reranker to lesson retrieval pipeline (Advanced RAG)

  Introduces scripts/lesson-reranker.js — a field-weighted BM25F cross-encoder
  that processes (query, lesson) pairs jointly rather than independently:

  • Field weighting: query terms in whatWentWrong (weight 3.0) contribute
    more than the same term in tags (weight 0.4), catching field-specific
    relevance that bi-encoders miss
  • Synonym expansion: "deploy" ↔ "deployment/release/publish", "force-push"
    ↔ "git push --force", ".env" ↔ "secret/dotenv", and 8 more synonym clusters
  • Signal coherence: failure-sounding queries boost negative-signal lessons
    by 1.2× so the right cautionary lesson surfaces first
  • Tool name joint scoring: exact tool match in metadata.toolsUsed adds
    a 1.3× ranking bonus
  • Score blending: final score = 0.7 × normalised BM25 + 0.3 × original
    bi-encoder score so retrieval signal is never fully discarded

  The pipeline is now two-stage: bi-encoder retrieves top-50 candidates, then
  the cross-encoder reranks and returns top-K. Both the PreToolUse hook path
  (lesson-retrieval.js) and the MCP search_lessons path (lesson-search.js)
  use the reranker.

• #768 9f05bbb Thanks @IgorGanapolsky! - Position ThumbGate as AI agent security infrastructure across the public landing context, LLM context, and social launch visuals.

• #689 0467bf1 Thanks @IgorGanapolsky! - Add policy and runbook document ingestion with searchable local storage, CLI/API/MCP import surfaces, and proposed gate generation for team workflows.

• #805 82a5849 Thanks @IgorGanapolsky! - Add thumbgate explore — interactive TUI explorer for lessons, gates, stats, and rules

  Inspired by Cloudflare's Local Explorer pattern: a zero-dependency, keyboard-driven
  terminal interface that lets developers and AI agents discover what ThumbGate has
  learned and what gates are active.

  Features:

  • 4 tabs (1-4 or Tab key): Lessons · Gates · Stats · Rules
  • ↑/↓ or j/k to navigate, / to search/filter, Enter for detail view
  • Color-coded signal indicators (● negative = red, ● positive = green)
  • Relative timestamps, truncation, terminal-resize awareness
  • Works entirely from local JSONL/SQLite — no network required

• #690 04674fa Thanks @IgorGanapolsky! - Add ForgeCode agent adapter, Plausible analytics tracking across all pages, YouTube Shorts in weekly workflow, and daily revenue loop GitHub Actions workflow.

• #743 a14279c Thanks @IgorGanapolsky! - Wire up hosted billing integration with a dedicated THUMBGATE_OPERATOR_KEY. Run node bin/cli.js billing:setup to generate a key, then set it on Railway — the CFO dashboard will pull live production revenue automatically.

• #656 bbf835c Thanks @IgorGanapolsky! - Add LLM-powered managed lesson agent, Anthropic SDK integration, AEO discovery (llms.txt), and founding member CTA across upgrade prompts

• #684 fe326d3 Thanks @IgorGanapolsky! - Add meta-agent self-improvement loop (scripts/meta-agent-loop.js) and gate-program.md for closed-loop prevention rule generation without requiring human feedback on every iteration

• #816 f3a1cd2 Thanks @IgorGanapolsky! - Add Perplexity MCP adapter configs for Claude Code, Codex, and OpenCode. Register perplexity_search, perplexity_ask, perplexity_research, and perplexity_reason in MCP allowlists. Add enrichWithPerplexity() to lesson-search for optional web-context enrichment of search results.

• #735 0b48d35 Thanks @IgorGanapolsky! - Add npx thumbgate quick-start command for zero-config complete enforcement setup

• #770 b38cd7e Thanks @IgorGanapolsky! - Add Ralph Loop CI for always-on audience engagement, with hourly analytics polling, stateful reply monitoring, launch asset sync, and Reliability Gateway evidence artifacts.

• #785 9f3fae7 Thanks @IgorGanapolsky! - Add session analyzer coverage and Perplexity visibility checks so Ralph Mode CI can detect wasted agent turns, confusion signals, and AI-search discoverability regressions.

• #656 bbf835c Thanks @IgorGanapolsky! - Pivot to team governance positioning ($99/seat/mo), add AEO for LLM discovery, fix LinkedIn poller

• #694 6dffca9 Thanks @IgorGanapolsky! - Tighten free tier to 3 captures/day and 5 searches/day, add Pro CTA to CLI init output, and prepare Reddit seeding posts.

Patch Changes

• #726 b5ed367 Thanks @IgorGanapolsky! - Publish the AI agent security campaign updates across the site blog and launch assets.

• #699 db8bd9f Thanks @IgorGanapolsky! - Weave AI authenticity enforcement angle across all buyer-facing and AI-discovery surfaces: README hero, landing page signal pill, llm-context.md discovery section, MARKETING_COPY_CONGRUENCE.md terminology rules, and package.json keywords.

• #683 eb06538 Thanks @IgorGanapolsky! - Weave AI authenticity enforcement angle across all discovery surfaces (README, landing page hero, FAQ, llm-context, marketing docs, NPM keywords).

• #672 d9d9ae7 Thanks @IgorGanapolsky! - Reframe the public product story around an enterprise-first workflow hardening motion while keeping the free CLI as the adoption wedge and Solo Pro as a secondary self-serve lane. This aligns the README, landing page, LLM context, commercial docs, and discovery assets with the current team-governance positioning.

• #799 adaab1a Thanks @IgorGanapolsky! - Refresh the ChatGPT GPT Builder instructions around the Reliability Gateway loop, pre-action decision checks, typed feedback capture, prevention-rule generation, and proof export so the public GPT no longer uses generic setup-concierge positioning.

• #769 1ae2873 Thanks @IgorGanapolsky! - Tighten the ChatGPT GPT Store packet for regular users. The docs now make the owner-managed Actions API key explicit, keep API keys and JSON away from regular GPT users, use the hosted privacy policy URL, and reinforce the thumbs-up/down answer-memory loop.

• #766 c90604c Thanks @IgorGanapolsky! - Clarify Claude and ChatGPT distribution paths. The ChatGPT GPT Actions lane now explains the regular-user loop: reply with thumbs up/down on ChatGPT answers, save lessons, prevent repeated bad answer patterns, and reinforce answers that worked.

• #739 2f4168c Thanks @IgorGanapolsky! - Strengthen Claude plugin listing readiness docs, release assets, and submission packaging

• #737 188319b Thanks @IgorGanapolsky! - Update Claude plugin manifests to current marketplace spec for directory listing

• #692 7f962ea Thanks @IgorGanapolsky! - Harden merge integrity by blocking failing non-required quality checks, syncing main branch protection to the critical check set, and reporting landed merge commits instead of branch head SHAs.

• #655 5d564a9 Thanks @IgorGanapolsky! - Refresh SonarCloud on main pushes without blocking on legacy baseline debt, while keeping strict PR quality-gate enforcement and stamping analyses with the package version for release-aligned verification.

• #729 5f9eef8 Thanks @IgorGanapolsky! - Promote the published Codex plugin bundle more clearly from the landing page and README.

• #701 0a773dd Thanks @IgorGanapolsky! - Publish a standalone Codex plugin zip, direct-download release aliases, and the matching GitHub Actions release workflow.

• #835 c0024cd Thanks @IgorGanapolsky! - Lead public marketing, README, LLM context, and ChatGPT GPT instructions with
  costly AI mistake prevention outcomes while clarifying that the GPT provides
  advice/checkpointing and hard enforcement runs through the local ThumbGate
  Reliability Gateway.

• #657 5a16509 Thanks @IgorGanapolsky! - Bound Railway deploy health checks with explicit curl timeouts so unhealthy releases fail predictably instead of stalling verification indefinitely.

• #681 8400073 Thanks @IgorGanapolsky! - Give live GitHub About verification a longer CI retry window so post-merge mainline checks do not fail on transient GitHub metadata propagation lag.

• #669 c8f0c0a Thanks @IgorGanapolsky! - Include .well-known/ in Docker image so llms.txt is served in production

• #678 eb35983 Thanks @IgorGanapolsky! - Remove brittle hardcoded verification-count claims from docs and landing page; add docs-claim-hygiene regression test.

• #848 804a284 Thanks @IgorGanapolsky! - Clarify the first-dollar activation path across the landing page, README, and ChatGPT GPT docs so cold users start by proving one blocked repeated mistake before upgrading to Pro or entering the Workflow Hardening Sprint.

• #842 8ea4a16 Thanks @IgorGanapolsky! - Add first-party marketing link routing and conversion-funnel telemetry so ThumbGate can attribute GPT, install, Pro checkout, and trial-email intent without adding Branch.io.

• #666 622630b Thanks @IgorGanapolsky! - Narrow Railway deploy detection so shell-only script changes like the Claude statusline do not trigger production deploys, while runtime JavaScript modules still do.

• #784 9c9bcab Thanks @IgorGanapolsky! - Fix checkout mode from one-time payment to monthly subscription. Corrects billing.ts to use mode: 'subscription' with the $19/mo price instead of mode: 'payment' with the $49 one-time price. Updates auth.ts error message to match.

• #693 2be9345 Thanks @IgorGanapolsky! - Restore clickable Claude statusline affordances for ThumbGate. The packaged statusline once again exposes OSC 8 hyperlinks for 👍, 👎, Dashboard, and Lessons, auto-boots the local Pro dashboard server when needed, and prefers the installed runtime binary over repeated npm exec launches.

• #775 a9145d1 Thanks @IgorGanapolsky! - Close 7 enforcement loop gaps that caused 1:33 thumbs ratio. Lower auto-promote thresholds (WARN 2, BLOCK 3), fix auto-gates overwrite bug, add compiled guard staleness check, broaden memory guard to all write operations, and inject behavioral context on every tool call.

• #747 6b09d59 Thanks @IgorGanapolsky! - Fix hosted billing fetch in proxy environments. Node.js native fetch (undici) does not honour HTTPS_PROXY env vars; bootstraps ProxyAgent when a proxy URL is detected so node bin/cli.js cfo --today works correctly in sandboxed or corporate network environments.

• #846 c988ea8 Thanks @IgorGanapolsky! - Include public/lessons.html and public/index.html in npm package. The server
  reads these at runtime — excluding them degrades the lessons UI to a stub page.
  Added CI test to prevent this regression.

• #843 83ec53d Thanks @IgorGanapolsky! - Fix hash navigation on Lessons page: scrollIntoView silently failed on elements
  inside hidden tabs (display:none). Now switches to the correct tab before querying
  for the target element. Statusbar "Latest mistake" links now scroll to the right
  rule card.

• #803 ccea486 Thanks @IgorGanapolsky! - Fix operator key blocked by general auth gate when THUMBGATE_API_KEY is also set. The general isAuthorized gate only checked the admin key, causing operator key requests to get 401 before reaching the billing/summary endpoint handler. Now the operator key is allowed to bypass the general gate specifically for GET /v1/billing/summary.

• #814 ed86638 Thanks @IgorGanapolsky! - Fix wire-hooks to clean stale project-level Claude Code hooks referencing missing files. Previously only cleaned user-level settings, leaving broken hooks in .claude/settings.json that caused "UserPromptSubmit hook error".

• #827 d356712 Thanks @IgorGanapolsky! - fix: make Dashboard and Lessons links clickable in Claude Code statusbar using OSC 8 terminal hyperlinks

• #776 0efa4fa Thanks @IgorGanapolsky! - Make statusbar lesson text readable: prefer structured rule actions over raw feedback, increase truncation to 60 chars, strip localhost links from display.

• #741 1d63aa7 Thanks @IgorGanapolsky! - Fix test fixture isolation: disable commit signing in temp git repos and use empty feedback dir in workflow-sentinel unit tests so CI environments with signing servers and accumulated learned-policy data don't cause false failures.

• #841 f420136 Thanks @IgorGanapolsky! - Fix Stripe webhook handler silently dropping all paid events when STRIPE_WEBHOOK_SECRET is not configured. When no webhook secret is set, skip stripe.webhooks.constructEvent (which always throws on empty secret) and parse the raw body directly — consistent with verifyWebhookSignature which is already lenient in this case.

• #834 7df6108 Thanks @IgorGanapolsky! - fix: lead with free CLI install as primary CTA, make Pro secondary

  10 visitors clicked "Start 7-day free trial" but 0 completed checkout because
  Stripe requires a credit card upfront. Flip the CTA strategy: lead with the
  zero-friction free CLI install (npx thumbgate init) as the hero action, and
  position Pro as the upgrade path once users hit free tier limits (3 captures/day).

  Changes:

  • Hero: npx thumbgate init is now the prominent hero element with enlarged
    copy-to-clipboard; "Install Free CLI" is the primary button; "Upgrade to Pro"
    is smaller and secondary
  • Sticky bottom bar: leads with npx thumbgate init copy command, "Go Pro" is
    a smaller secondary link
  • Final CTA section: install command and free CLI link are primary, Pro is
    secondary
  • Pricing section: Free tier gets cyan highlight border, "Most Popular" badge,
    and inline install command; Pro card border demoted
  • PostHog events updated: hero_install_click, hero_pro_click,
    sticky_pro_click, final_install_click, final_pro_click
  • Tests updated to match new CTA text patterns

• #661 bf9ae08 Thanks @IgorGanapolsky! - Fail Railway deploys early when the required THUMBGATE_API_KEY runtime secret is missing or empty.

• #783 b912807 Thanks @IgorGanapolsky! - Keep gate-denial audit events out of user-facing feedback statistics, including the local summary view, while preserving separate gate-event analytics for Reliability Gateway enforcement.

• #851 6972f40 Thanks @IgorGanapolsky! - Harden the GitHub CI release process by using the tested changeset checker in PR workflows, trimming duplicate npm publish validation, and adding slower npm registry propagation retries to package smoke tests.

• #665 588956d Thanks @IgorGanapolsky! - Prevent hosted boot crashes when operational integrity loads without git on the runtime image, and install git in the Railway container so integrity checks can execute after startup.

• #725 19417e1 Thanks @IgorGanapolsky! - Add Google Cloud agent safety framework alignment to public proof and LLM context surfaces.

• #653 5bbf039 Thanks @IgorGanapolsky! - Harden operational integrity git revision validation so unsafe refs and commit
  arguments are rejected before invoking git, and add regression coverage for the
  SonarCloud command-argument findings.

• #654 2043ab0 Thanks @IgorGanapolsky! - Refocus the public buyer path around the Workflow Hardening Sprint, align Team pricing and messaging with commercial truth, and add a first-dollar execution playbook plus warm outreach scripts for turning one qualified workflow into the next booked pilot.

• #689 0467bf1 Thanks @IgorGanapolsky! - Harden HTML sanitization in document-intake to resolve SonarCloud security hotspots, fix malformed tag handling, and restore SonarCloud branch protection CI config.

• #692 7f962ea Thanks @IgorGanapolsky! - Harden merge integrity enforcement, add branch protection tests to npm parity checks, fix SonarCloud gh CLI security findings.

• #752 f0de3f0 Thanks @IgorGanapolsky! - Rewrite the landing page hero to lead with pain, not solution category. New H1: 'Your AI agent just made that mistake again. One thumbs-down. It never happens again.' Concrete session 1 → session 2 before/after replaces consultant-speak. Primary CTA is now the install command. Title and meta description updated to match.

• #733 26f8b8e Thanks @IgorGanapolsky! - Add prominent "Install for Your Agent" sections to README and landing page with per-agent commands

• #664 c491470 Thanks @IgorGanapolsky! - Fix Claude Code statusline feedback counts when the hook runs from the ThumbGate runtime directory by honoring the session's project cwd.

• #791 67de961 Thanks @IgorGanapolsky! - Add prominent checkout CTAs to landing page hero, pricing card, final section, and sticky bottom bar

• #668 471f140 Thanks @IgorGanapolsky! - Serve llms.txt from public route without auth so LLM crawlers can discover ThumbGate

• #812 66277a7 Thanks @IgorGanapolsky! - feat(ci): autonomous marketing autopilot every 4 hours — video, text posts, Reddit, Dev.to

  • video-autopilot.yml: generates slide-based MP4 (6 rotating templates), posts to TikTok/YouTube/Instagram via Zernio every 4 hours with per-platform cooldowns
  • marketing-autopilot.yml: rewritten to fire every 4 hours (was Mon/Wed/Fri), all secrets wired (DEVTO_API_KEY, Reddit password OAuth, full X API), fixed reddit.publishToReddit() call, added Dev.to article step with 7-day dedup
  • marketing-db.js: SQLite dedup + analytics tracker prevents double-posting
  • post-video.js: full slide→ffmpeg→Zernio pipeline

• #839 4787185 Thanks @IgorGanapolsky! - Switch CLI upgrade link to no-card 7-day trial — 2,478 cloners seeing card-required checkout was killing conversion.

• #670 2b49a4a Thanks @IgorGanapolsky! - Retry published runtime smoke installs after transient npm registry propagation misses so successful releases do not fail their post-publish verification step.

• #825 e77aa38 Thanks @IgorGanapolsky! - Harden package and Claude plugin boundaries so generated runtime state cannot leak into npm tarballs and Claude plugin skill paths remain spec-compliant.

• #788 2e3bb77 Thanks @IgorGanapolsky! - Add a Perplexity Max command center for AI-search visibility checks, Search API lead discovery, Agent API acquisition briefs, and official Perplexity MCP config generation.

• #751 01bebb7 Thanks @IgorGanapolsky! - Wire PostHog analytics into the landing page for funnel visibility. Tracks four CTA events: workflow_sprint, install_codex, install_claude, and pro_upgrade. API key is now server-injected via the POSTHOG_API_KEY placeholder in hostedConfig, not hardcoded in the HTML.

• #806 4ce250d Thanks @IgorGanapolsky! - Add automatic $pageview tracking and PostHog reverse proxy for ad-blocker bypass

  • Added posthog.capture('$pageview') after init to track all landing page visits
  • Added /ingest reverse proxy route in server.js to forward PostHog events through own domain
  • Changed PostHog api_host from us.i.posthog.com to /ingest to bypass ad blockers

• #676 4aa3794 Thanks @IgorGanapolsky! - Harden merge integrity by blocking failed quality gates, syncing branch protection to the audited required checks, and verifying the legacy Stripe webhook signature path.

• #709 dadb030 Thanks @IgorGanapolsky! - Harden public pricing congruence checks so retired ThumbGate pricing experiments cannot reappear in buyer-facing docs.

• #696 46f7c4a Thanks @IgorGanapolsky! - Align Team pricing across the public landing page, README, marketing materials,
  runtime commercial constants, and congruence tests at $99/seat/mo with a 3-seat
  minimum.

• #691 d733437 Thanks @IgorGanapolsky! - Harden LLM rule generation with expert role framing, few-shot examples, and chain-of-thought reasoning; include what_went_wrong/what_to_change fields in batch context; upgrade to claude-sonnet-4-6 for rule analysis; add Stage 6 token-budget enforcement to compactContext; group toRules output by severity with action labels.

• #662 fdeffc9 Thanks @IgorGanapolsky! - Capture Railway service diagnostics on deploy health-check failures and add a manual Railway diagnostics workflow for restart, redeploy, and live log inspection.

• #778 1356942 Thanks @IgorGanapolsky! - Trim Ralph Mode X credentials before signing requests without logging credential prefixes in CI output.

• #771 93e351f Thanks @IgorGanapolsky! - Add Ralph Mode CI workflow for 24/7 automated engagement via GitHub Actions

• #795 cfeff43 Thanks @IgorGanapolsky! - Stop Ralph Mode from reporting failed X API posts or replies as successful audience-engagement actions.

• #848 804a284 Thanks @IgorGanapolsky! - Add npm publish receipt metadata and a downloadable full release-notes artifact to the publish workflow, so npm's bare "Successfully published" email can be reconciled with complete Changeset-backed release notes, tarball URL, shasum, and verification evidence.

• #837 4580274 Thanks @IgorGanapolsky! - Generate full Changeset-backed release notes during the npm publish workflow, write them into the GitHub Release, upload them as a release asset, and copy them into the GitHub Actions summary linked from npm's publish email.

• #693 2be9345 Thanks @IgorGanapolsky! - Restore clickable statusline affordances, harden localhost links, and restore statusline test parity.

• #686 c8a544d Thanks @IgorGanapolsky! - Block raw GitHub auto-merge paths and require terminal quality-check validation before autonomous PR merges.

• #828 a1828a9 Thanks @IgorGanapolsky! - Slim the npm package boundary by moving the package main entrypoint to src/index.js, publishing only runtime-required files, and adding tarball budget tests that block public marketing assets, plugin bundles, and social automation from shipping to npm.

• #658 f07c657 Thanks @IgorGanapolsky! - Stamp default-branch SonarCloud refreshes with a unique package-version-plus-commit identifier so mainline quality checks reset cleanly without weakening strict PR quality-gate enforcement.

• #677 52a51ed Thanks @IgorGanapolsky! - Add 3 pre-action gates for Microsoft SQL MCP Server: block delete_record, warn on execute_entity DDL, block bulk updates.

• #731 6e07853 Thanks @IgorGanapolsky! - Clarify the Claude statusbar lesson chip so it shows the latest mistake with a timestamp and deep link, and falls back to the latest success when no mistakes exist.

• #790 02fe6cb Thanks @IgorGanapolsky! - Scope statusline feedback stats to the active project and keep the Pre-Action Gates cross-encoder reranker covered by the root CI test suite.

• #772 382eeb7 Thanks @IgorGanapolsky! - Add an audited Stripe webhook signing-secret rotation workflow. The workflow creates a fresh billing webhook endpoint, stores the returned signing secret in GitHub Actions secrets, updates rotation timestamp variables, and keeps deploy-policy evidence aligned without exposing secret values.

• #663 62979f5 Thanks @IgorGanapolsky! - Skip Railway deploys when a main push only changes workflows, tests, or changesets and leaves runtime-serving files untouched.

• #813 46122d5 Thanks @IgorGanapolsky! - Add ThumbGate Bench, a deterministic pre-action gate benchmark with mock workflow scenarios, safety/capability metrics, report artifacts, documentation, and CI test coverage.

• #682 510b6e8 Thanks @IgorGanapolsky! - Split the short GitHub repo description from the richer landing-page meta description so GitHub About sync can succeed without weakening the website metadata.

• #695 251f24f Thanks @IgorGanapolsky! - Submit main-branch automerge requests to Trunk without polling helper workflow checks or waiting for a final merge commit inside GitHub Actions.

• #700 f8496e6 Thanks @IgorGanapolsky! - Treat Zernio monthly post-limit responses as controlled social-publisher skips so the daily acquisition workflow does not mark main unhealthy when the external posting budget is exhausted. Also isolate Trunk merge comment automation from shared personal access token rate limits.

Verification Standard

• Publish only runs from main after version sync, tests, and runtime proof pass.
• The npm package is smoke-tested after publish by installing thumbgate@VERSION in a clean runtime.
• GitHub Release notes are generated from Changesets, not only GitHub auto-generated PR titles.