chore: rename package to tollgate

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -6,7 +6,7 @@ body:
   - type: markdown
     attributes:
       value: |
-        Thanks for reporting a Toolgate issue. For security-sensitive billing or payment verification problems, email talha.korkmazeth@gmail.com instead of filing a public issue.
+        Thanks for reporting a Tollgate issue. For security-sensitive billing or payment verification problems, email hello@niceberglabs.com instead of filing a public issue.
   - type: input
     id: version
     attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,5 @@
 blank_issues_enabled: true
 contact_links:
   - name: Security report
-    url: mailto:talha.korkmazeth@gmail.com
+    url: mailto:hello@niceberglabs.com
     about: Please report billing, payment verification, duplicate-charge, or auth vulnerabilities privately.

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Contributing
 
-Thanks for helping improve Toolgate. This project is in developer preview, so small,
+Thanks for helping improve Tollgate. This project is in developer preview, so small,
 well-scoped changes are easiest to review.
 
 ## Local setup

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 Toolgate
+Copyright (c) 2025 Tollgate
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

PHASE3_INTEGRATION_NOTES.md

@@ -17,7 +17,7 @@ Phase 3 is focused on rail validation plus realistic MCP tool integration.
 ## Idempotency Key Source
 
 - All three examples derive the key from `requestId`
-- MCP adapter passes `idempotencyKey` through to ToolGate so duplicate MCP calls replay the original result instead of re-charging
+- MCP adapter passes `idempotencyKey` through to TollGate so duplicate MCP calls replay the original result instead of re-charging
 - Example format: `<toolName>:<callerId>:<requestId>`
 
 ## Fallback Implementation
@@ -41,7 +41,7 @@ Phase 3 is focused on rail validation plus realistic MCP tool integration.
 ## Rail Assumptions That Broke
 
 - MPP proof verification cannot be modeled as a boolean-only check; the execution path needs the verified amount in context
-- Verifying a rail payment before ToolGate sees idempotency can create a double-credit leak on duplicate calls
+- Verifying a rail payment before TollGate sees idempotency can create a double-credit leak on duplicate calls
 - Rail-backed failures are not the same as prepaid refunds; provisional credits must be reversed on failed or fallback results
 - x402 cannot assume a default facilitator URL
 - x402 verification and settlement are separate states; successful execution does not imply settlement certainty

README.md

@@ -1,6 +1,6 @@
-# Toolgate
+# Tollgate
 
-Toolgate is an open-source runtime for reliable paid or quota-limited MCP/tool calls.
+Tollgate is an open-source runtime for reliable paid or quota-limited MCP/tool calls.
 It handles fallback, idempotent retries, metering, recovery, and execution traces so
 tool calls do not break or double-charge on edge cases.
 
@@ -28,10 +28,10 @@ x402, MPP, wallets, webhooks, hosted APIs, or environment variables.
 ## Minimal usage
 
 ```ts
-import { ToolGate, InMemoryLedger, usd } from "@tkorkmaz/toolgate";
+import { TollGate, InMemoryLedger, usd } from "@niceberglabs/tollgate";
 
 const ledger = new InMemoryLedger();
-const gate = new ToolGate({ publisherKey: "tg_local_demo", ledger });
+const gate = new TollGate({ publisherKey: "tg_local_demo", ledger });
 
 const search = gate.paidTool({
   name: "premium_search",
@@ -64,9 +64,9 @@ await search({ query: "vector dbs", requestId: "r2" }, "caller-1");
 ## MCP usage
 
 ```ts
-import { ToolGate, createMcpAdapter, usd } from "@tkorkmaz/toolgate";
+import { TollGate, createMcpAdapter, usd } from "@niceberglabs/tollgate";
 
-const gate = new ToolGate({ publisherKey: "tg_local_demo" });
+const gate = new TollGate({ publisherKey: "tg_local_demo" });
 const mcp = createMcpAdapter(gate, {
   getCallerId: (_args, extra) => extra?.sessionId ?? "demo-user",
 });

SECURITY.md

@@ -1,6 +1,6 @@
 # Security Policy
 
-Toolgate handles paid or quota-limited tool-call flows, so security issues can affect billing,
+Tollgate handles paid or quota-limited tool-call flows, so security issues can affect billing,
 trace integrity, and payment recovery behavior.
 
 ## Supported versions
@@ -14,7 +14,7 @@ trace integrity, and payment recovery behavior.
 
 Please do not open a public issue for suspected vulnerabilities.
 
-Email: talha.korkmazeth@gmail.com
+Email: hello@niceberglabs.com
 
 Include:
 

api/package.json

@@ -1,18 +1,18 @@
 {
-  "name": "toolgate-api",
+  "name": "tollgate-api",
   "version": "0.1.0",
   "private": true,
-  "description": "Toolgate hosted ledger API — Cloudflare Worker",
+  "description": "Tollgate hosted ledger API — Cloudflare Worker",
   "type": "module",
   "scripts": {
     "dev": "wrangler dev",
     "deploy": "wrangler deploy",
-    "db:create": "wrangler d1 create toolgate-db",
-    "db:migrate:local": "wrangler d1 execute toolgate-db --local --file=./schema.sql",
-    "db:migrate:remote": "wrangler d1 execute toolgate-db --file=./schema.sql"
+    "db:create": "wrangler d1 create tollgate-db",
+    "db:migrate:local": "wrangler d1 execute tollgate-db --local --file=./schema.sql",
+    "db:migrate:remote": "wrangler d1 execute tollgate-db --file=./schema.sql"
   },
   "dependencies": {
-    "@tkorkmaz/toolgate": "^0.1.0-alpha.1",
+    "@niceberglabs/tollgate": "^0.3.0-beta.0",
     "hono": "^4.4.0",
     "stripe": "^17.7.0"
   },

api/src/index.ts

@@ -1,14 +1,14 @@
 import { Hono } from "hono";
 import { cors } from "hono/cors";
 import Stripe from "stripe";
-import { DbLedger, WebhookHandler } from "@tkorkmaz/toolgate";
+import { DbLedger, WebhookHandler } from "@niceberglabs/tollgate";
 
 // ─── Cloudflare Worker env bindings ──────────────────────
 
 export interface Env {
   DB: D1Database;
-  /** Publisher API key — set via: wrangler secret put TOOLGATE_PUBLISHER_KEY */
-  TOOLGATE_PUBLISHER_KEY: string;
+  /** Publisher API key — set via: wrangler secret put TOLLGATE_PUBLISHER_KEY */
+  TOLLGATE_PUBLISHER_KEY: string;
   /** Stripe test or live secret key */
   STRIPE_SECRET_KEY?: string;
   /** Stripe webhook signing secret (whsec_...) */
@@ -48,10 +48,10 @@ app.use("*", cors({ origin: "*", allowMethods: ["GET", "POST", "OPTIONS"] }));
 // ─── Auth middleware ──────────────────────────────────────
 
 async function requireAuth(c: any, next: any) {
-  const key = c.req.header("x-toolgate-key");
-  if (!key || key !== c.env.TOOLGATE_PUBLISHER_KEY) {
+  const key = c.req.header("x-tollgate-key");
+  if (!key || key !== c.env.TOLLGATE_PUBLISHER_KEY) {
     return c.json(
-      { error: "Unauthorized. Provide X-Toolgate-Key header." },
+      { error: "Unauthorized. Provide X-Tollgate-Key header." },
       401,
     );
   }
@@ -102,10 +102,10 @@ app.post("/api/topup", requireAuth, async (c) => {
 
   const amountCents = selectTopUpAmountCents(requiredAmountUsd);
   const successUrl =
-    c.env.TOP_UP_SUCCESS_URL ?? "https://main.toolgate.pages.dev?topup=success";
+    c.env.TOP_UP_SUCCESS_URL ?? "https://main.tollgate.pages.dev?topup=success";
   const cancelUrl =
     c.env.TOP_UP_CANCEL_URL ??
-    "https://main.toolgate.pages.dev?topup=cancelled";
+    "https://main.tollgate.pages.dev?topup=cancelled";
 
   const session = await stripe.checkout.sessions.create({
     mode: "payment",
@@ -115,17 +115,17 @@ app.post("/api/topup", requireAuth, async (c) => {
           currency: "usd",
           unit_amount: amountCents,
           product_data: {
-            name: "Toolgate Balance Top-Up",
-            description: `$${(amountCents / 100).toFixed(2)} added to your Toolgate balance`,
+            name: "Tollgate Balance Top-Up",
+            description: `$${(amountCents / 100).toFixed(2)} added to your Tollgate balance`,
           },
         },
         quantity: 1,
       },
     ],
     metadata: {
-      toolgate_caller_id: callerId,
-      toolgate_publisher_id: c.env.TOOLGATE_PUBLISHER_KEY,
-      toolgate_amount_cents: String(amountCents),
+      tollgate_caller_id: callerId,
+      tollgate_publisher_id: c.env.TOLLGATE_PUBLISHER_KEY,
+      tollgate_amount_cents: String(amountCents),
     },
     success_url: `${successUrl}&session_id={CHECKOUT_SESSION_ID}&caller_id=${encodeURIComponent(callerId)}`,
     cancel_url: cancelUrl,
@@ -205,7 +205,7 @@ app.get("/api/stats", requireAuth, async (c) => {
     revenue_usd: revenueRow?.total ?? 0,
     paid_calls: callsRow?.count ?? 0,
     active_callers: callersRow?.count ?? 0,
-    publisher_key: c.env.TOOLGATE_PUBLISHER_KEY.slice(0, 12) + "…",
+    publisher_key: c.env.TOLLGATE_PUBLISHER_KEY.slice(0, 12) + "…",
   });
 });
 
@@ -214,7 +214,7 @@ app.get("/api/stats", requireAuth, async (c) => {
 
 app.post("/api/keys", requireAuth, async (c) => {
   return c.json({
-    publisher_key: c.env.TOOLGATE_PUBLISHER_KEY,
+    publisher_key: c.env.TOLLGATE_PUBLISHER_KEY,
     note: "Alpha: single-publisher mode. Multi-publisher support coming in Sprint B.",
   });
 });
@@ -228,7 +228,7 @@ app.post("/api/keys", requireAuth, async (c) => {
 app.get("/pay", async (c) => {
   if (!c.env.STRIPE_SECRET_KEY) {
     return c.text(
-      "Payment not yet configured. Visit https://main.toolgate.pages.dev for setup instructions.",
+      "Payment not yet configured. Visit https://main.tollgate.pages.dev for setup instructions.",
       503,
     );
   }
@@ -238,7 +238,7 @@ app.get("/pay", async (c) => {
   const amountStr = c.req.query("amount");
 
   // Validate publisher key (constant-time comparison not needed — alpha only)
-  if (!publisher || publisher !== c.env.TOOLGATE_PUBLISHER_KEY) {
+  if (!publisher || publisher !== c.env.TOLLGATE_PUBLISHER_KEY) {
     return c.text("Invalid publisher key.", 400);
   }
   if (!caller || caller.trim().length === 0) {
@@ -257,10 +257,10 @@ app.get("/pay", async (c) => {
   });
 
   const successUrl =
-    c.env.TOP_UP_SUCCESS_URL ?? "https://main.toolgate.pages.dev?topup=success";
+    c.env.TOP_UP_SUCCESS_URL ?? "https://main.tollgate.pages.dev?topup=success";
   const cancelUrl =
     c.env.TOP_UP_CANCEL_URL ??
-    "https://main.toolgate.pages.dev?topup=cancelled";
+    "https://main.tollgate.pages.dev?topup=cancelled";
 
   const session = await stripe.checkout.sessions.create({
     mode: "payment",
@@ -270,17 +270,17 @@ app.get("/pay", async (c) => {
           currency: "usd",
           unit_amount: amountCents,
           product_data: {
-            name: "Toolgate Balance Top-Up",
-            description: `$${(amountCents / 100).toFixed(2)} added to your Toolgate balance`,
+            name: "Tollgate Balance Top-Up",
+            description: `$${(amountCents / 100).toFixed(2)} added to your Tollgate balance`,
           },
         },
         quantity: 1,
       },
     ],
     metadata: {
-      toolgate_caller_id: caller,
-      toolgate_publisher_id: publisher,
-      toolgate_amount_cents: String(amountCents),
+      tollgate_caller_id: caller,
+      tollgate_publisher_id: publisher,
+      tollgate_amount_cents: String(amountCents),
     },
     success_url: `${successUrl}&session_id={CHECKOUT_SESSION_ID}&caller_id=${encodeURIComponent(caller)}`,
     cancel_url: cancelUrl,
@@ -297,7 +297,7 @@ app.get("/pay", async (c) => {
 
 app.get("/", (c) =>
   c.json({
-    service: "toolgate-api",
+    service: "tollgate-api",
     version: "0.1.0-alpha.1",
     endpoints: [
       "GET  /pay                (browser top-up redirect → Stripe Checkout)",

api/wrangler.toml.example

@@ -1,4 +1,4 @@
-name = "toolgate-api"
+name = "tollgate-api"
 main = "src/index.ts"
 compatibility_date = "2024-09-23"
 compatibility_flags = ["nodejs_compat"]

docs/ADVANCED_SCENARIOS.md

@@ -100,7 +100,7 @@ npm run scenario:x402-testnet
 
 The flow separates challenge generation from payment proof creation:
 
-- `challenge.mjs` produces the Toolgate-generated x402 challenge.
+- `challenge.mjs` produces the Tollgate-generated x402 challenge.
 - `sign-payload.mjs` produces the x402 client or signer-generated proof.
 - `scenario:x402-testnet` validates verify, settle, duplicate replay, fallback, and recovery behavior.
 
@@ -120,9 +120,9 @@ The flow separates challenge generation from payment proof creation:
 By default, payment-required responses can include a top-up URL. To use your own endpoint:
 
 ```ts
-const gate = new ToolGate({
+const gate = new TollGate({
   publisherKey: "tg_your_key",
-  topUpBaseUrl: "https://api.yourapp.com/toolgate/pay",
+  topUpBaseUrl: "https://api.yourapp.com/tollgate/pay",
 });
 ```
 
@@ -131,7 +131,7 @@ checkout or payment flow.
 
 ## Firecrawl integration
 
-The Firecrawl integration lives in `integrations/firecrawl-mcp-toolgate/`.
+The Firecrawl integration lives in `integrations/firecrawl-mcp-tollgate/`.
 
 - `scenario-fake.mjs`: deterministic regression coverage.
 - `scenario-live.mjs`: live Firecrawl API path.

docs/DEMO_USE_CASE.md

@@ -5,7 +5,7 @@ Use a paid search / scraping / enrichment tool as the first public demo.
 The clearest story is a Firecrawl-style extraction wrapper:
 
 1. Caller asks for a premium extraction.
-2. Caller has no balance, so Toolgate serves a fallback summary instead of failing hard.
+2. Caller has no balance, so Tollgate serves a fallback summary instead of failing hard.
 3. Caller receives `payment_required` when the tool is configured to block.
 4. Caller is credited locally for the demo.
 5. Premium extraction runs and returns a prepaid receipt.

docs/KNOWN_LIMITATIONS.md

@@ -1,6 +1,6 @@
 # Known Limitations
 
-Toolgate is a developer preview. It is useful today for local-first demos, single-process
+Tollgate is a developer preview. It is useful today for local-first demos, single-process
 prototypes, and design-partner evaluation, but several production boundaries are intentional.
 
 ## Durable idempotency
@@ -52,7 +52,7 @@ as integration scaffolding until exercised against a live provider.
 
 ## Hosted product surface
 
-Toolgate currently ships as an open-source runtime. It does not yet include:
+Tollgate currently ships as an open-source runtime. It does not yet include:
 
 - hosted dashboard,
 - multi-tenant hosted ledger,