thumbgate 1.1.0 → 1.2.0

package/public/compare.html

@@ -0,0 +1,302 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Best Pre-Action Gate Tools for AI Coding Agents (2026 Comparison)</title>
+<!-- Privacy-friendly analytics by Plausible -->
+<script defer data-domain="rlhf-feedback-loop-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="Compare pre-action gate tools that prevent AI coding agents from making costly mistakes. ThumbGate vs manual review vs post-hoc fixes.">
+<meta name="keywords" content="AI agent safety, pre-action gates, AI coding agent comparison, ThumbGate vs manual review, AI agent guardrails, PreToolUse hooks, Claude Code safety, Codex safety, Gemini safety, Cursor rules alternative">
+<meta property="og:title" content="Best Pre-Action Gate Tools for AI Coding Agents (2026 Comparison)">
+<meta property="og:description" content="Compare pre-action gate tools that prevent AI coding agents from making costly mistakes. ThumbGate vs manual review vs post-hoc fixes.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate-production.up.railway.app/compare">
+<link rel="canonical" href="https://thumbgate-production.up.railway.app/compare">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Best Pre-Action Gate Tools for AI Coding Agents (2026 Comparison)",
+  "description": "Compare pre-action gate tools that prevent AI coding agents from making costly mistakes. ThumbGate vs manual review vs post-hoc fixes vs Cursor rules vs linters.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate-production.up.railway.app"
+  },
+  "datePublished": "2026-04-08",
+  "dateModified": "2026-04-08",
+  "mainEntityOfPage": "https://thumbgate-production.up.railway.app/compare"
+}
+</script>
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "What is a pre-action gate for AI coding agents?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "A pre-action gate is an enforcement layer that intercepts AI agent tool calls before they execute. Unlike prompt rules that agents can ignore, pre-action gates physically block dangerous actions such as force-pushing to main, deleting production files, or committing code with failing tests. ThumbGate implements pre-action gates via PreToolUse hooks that fire before every tool call."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Does ThumbGate work with Claude Code?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Yes. ThumbGate works with Claude Code, Cursor, Codex, Gemini CLI, Amp, OpenCode, and any MCP-compatible agent. Run npx thumbgate init --agent claude-code to auto-configure PreToolUse hooks in your .claude/settings.json."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Is ThumbGate free?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "ThumbGate has a free tier that includes local enforcement with 5 daily feedback captures, 10 lesson searches, unlimited recall, blocking, and history-aware lesson distillation. Pro ($19/mo or $149/yr) adds a personal local dashboard and DPO export. Team rollout ($12/seat/mo) adds a shared lesson database and org dashboard."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "How is ThumbGate different from .cursorrules or CLAUDE.md rules?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Cursor rules and CLAUDE.md are prompt-level instructions that the AI agent can read, forget, or override. ThumbGate enforces rules at the tool-call level via PreToolUse hooks. When a tool call matches a known failure pattern, it is physically blocked before execution. Additionally, ThumbGate auto-generates prevention rules from feedback, so you never have to write rules manually."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Can ThumbGate learn from mistakes automatically?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Yes. When your AI agent makes a mistake, you give a thumbs-down with context. After repeated failures with the same pattern, ThumbGate auto-generates a prevention rule and wires it as a pre-action gate. Gates adapt their sensitivity over time using Thompson Sampling, a Bayesian multi-armed bandit algorithm."
+      }
+    }
+  ]
+}
+</script>
+
+<style>
+  *, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
+  :root {
+    --bg: #0a0a0b;
+    --bg-card: #161618;
+    --border: #222225;
+    --text: #e8e8ec;
+    --muted: #8b8b94;
+    --cyan: #22d3ee;
+    --green: #34d399;
+    --red: #f87171;
+  }
+  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg); color: var(--text); line-height: 1.7; }
+  .container { max-width: 780px; margin: 0 auto; padding: 2rem 1.5rem 4rem; }
+  nav { padding: 1rem 2rem; border-bottom: 1px solid var(--border); display: flex; gap: 1.5rem; align-items: center; }
+  nav a { color: var(--muted); text-decoration: none; font-size: 0.9rem; }
+  nav a:hover { color: var(--cyan); }
+  nav .brand { color: var(--text); font-weight: 700; font-size: 1.1rem; }
+  h1 { font-size: 2.2rem; line-height: 1.2; margin: 2rem 0 1rem; }
+  h2 { font-size: 1.5rem; margin: 2.5rem 0 1rem; color: var(--cyan); }
+  h3 { font-size: 1.15rem; margin: 1.5rem 0 0.5rem; }
+  p, li { color: var(--text); margin-bottom: 0.75rem; }
+  ul { padding-left: 1.5rem; }
+  li { margin-bottom: 0.5rem; }
+  code { background: #1a1a1e; padding: 0.15em 0.4em; border-radius: 4px; font-size: 0.9em; color: var(--cyan); }
+  pre { background: #111113; border: 1px solid var(--border); border-radius: 8px; padding: 1rem; overflow-x: auto; margin: 1rem 0; }
+  pre code { background: none; padding: 0; color: var(--text); }
+  .highlight { color: var(--cyan); }
+  .card { background: var(--bg-card); border: 1px solid var(--border); border-radius: 12px; padding: 1.5rem; margin: 1.5rem 0; }
+  .comparison-table { width: 100%; border-collapse: collapse; margin: 1.5rem 0; font-size: 0.9rem; }
+  .comparison-table th, .comparison-table td { padding: 0.75rem; border: 1px solid var(--border); text-align: left; }
+  .comparison-table th { background: #111113; color: var(--cyan); }
+  .comparison-table td:first-child { font-weight: 600; }
+  .yes { color: var(--green); }
+  .no { color: var(--red); }
+  .partial { color: #fbbf24; }
+  .cta { display: inline-block; background: var(--cyan); color: #000; padding: 0.75rem 1.5rem; border-radius: 8px; text-decoration: none; font-weight: 600; margin: 1rem 0; }
+  .cta:hover { opacity: 0.9; }
+  .breadcrumb { color: var(--muted); font-size: 0.85rem; margin-bottom: 0.5rem; }
+  .breadcrumb a { color: var(--muted); }
+  .step-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); gap: 1rem; margin: 1.5rem 0; }
+  .step-card { background: var(--bg-card); border: 1px solid var(--border); border-radius: 12px; padding: 1.25rem; }
+  .step-card .step-number { color: var(--cyan); font-weight: 700; font-size: 1.5rem; margin-bottom: 0.5rem; }
+  .step-card h3 { margin-top: 0; }
+  footer { border-top: 1px solid var(--border); padding: 2rem; text-align: center; color: var(--muted); font-size: 0.85rem; }
+  footer a { color: var(--muted); text-decoration: underline; }
+  @media (max-width: 600px) { h1 { font-size: 1.6rem; } .container { padding: 1rem; } .comparison-table { font-size: 0.8rem; } .comparison-table th, .comparison-table td { padding: 0.5rem; } }
+</style>
+</head>
+<body>
+<nav>
+  <a href="/" class="brand">ThumbGate</a>
+  <a href="/guide">Guide</a>
+  <a href="/compare">Compare</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate">GitHub</a>
+</nav>
+
+<div class="container">
+<p class="breadcrumb"><a href="/">Home</a> / Compare</p>
+
+<h1>Best Pre-Action Gate Tools for AI Coding Agents (2026 Comparison)</h1>
+<p style="color:var(--muted);">Your AI coding agent force-pushed to main again. Which tool actually prevents that? We compared the five most common approaches to AI agent safety.</p>
+
+<h2>Comparison Table</h2>
+<div style="overflow-x:auto;">
+<table class="comparison-table">
+  <tr>
+    <th>Feature</th>
+    <th>ThumbGate</th>
+    <th>Manual Code Review</th>
+    <th>Post-hoc Git Revert</th>
+    <th>Cursor Rules / .cursorrules</th>
+    <th>ESLint / Linters</th>
+  </tr>
+  <tr>
+    <td>Blocks bad actions before execution</td>
+    <td class="yes">Yes -- PreToolUse hooks</td>
+    <td class="partial">Partially -- after PR only</td>
+    <td class="no">No -- damage already done</td>
+    <td class="partial">Partially -- suggestions only</td>
+    <td class="partial">Partially -- static checks only</td>
+  </tr>
+  <tr>
+    <td>Learns from past mistakes</td>
+    <td class="yes">Yes -- auto-generates rules from feedback</td>
+    <td class="no">No -- relies on reviewer memory</td>
+    <td class="no">No</td>
+    <td class="no">No -- rules are hand-written</td>
+    <td class="no">No -- rules are hand-written</td>
+  </tr>
+  <tr>
+    <td>Works with Claude / Codex / Gemini / Forge</td>
+    <td class="yes">Yes -- all MCP-compatible agents</td>
+    <td class="yes">Yes -- agent-agnostic</td>
+    <td class="yes">Yes -- agent-agnostic</td>
+    <td class="partial">Cursor only</td>
+    <td class="partial">Partial -- code-level only</td>
+  </tr>
+  <tr>
+    <td>Zero config setup</td>
+    <td class="yes">Yes -- <code>npx thumbgate init</code></td>
+    <td class="no">No -- requires process + people</td>
+    <td class="no">No -- manual intervention each time</td>
+    <td class="partial">Partial -- requires writing rules</td>
+    <td class="partial">Partial -- requires config + plugins</td>
+  </tr>
+  <tr>
+    <td>Captures feedback for improvement</td>
+    <td class="yes">Yes -- thumbs up/down with context</td>
+    <td class="partial">Partial -- PR comments only</td>
+    <td class="no">No</td>
+    <td class="no">No</td>
+    <td class="no">No</td>
+  </tr>
+  <tr>
+    <td>Generates prevention rules automatically</td>
+    <td class="yes">Yes -- from repeated failure patterns</td>
+    <td class="no">No</td>
+    <td class="no">No</td>
+    <td class="no">No</td>
+    <td class="no">No</td>
+  </tr>
+  <tr>
+    <td>Real-time pre-action gates</td>
+    <td class="yes">Yes -- fires before every tool call</td>
+    <td class="no">No -- asynchronous review</td>
+    <td class="no">No -- reactive only</td>
+    <td class="no">No -- prompt-time only</td>
+    <td class="no">No -- build-time only</td>
+  </tr>
+  <tr>
+    <td>Cost</td>
+    <td>Free tier + Pro $19/mo</td>
+    <td>Engineer time per review</td>
+    <td>Time lost + recovery cost</td>
+    <td>Free</td>
+    <td>Free (open source)</td>
+  </tr>
+</table>
+</div>
+
+<h2>Why ThumbGate Wins</h2>
+<ul>
+  <li><strong>Enforcement, not suggestions.</strong> Prompt rules in CLAUDE.md or .cursorrules are instructions the agent can ignore. ThumbGate intercepts tool calls at the PreToolUse hook level and physically blocks dangerous actions before they execute.</li>
+  <li><strong>Learns and adapts automatically.</strong> Every thumbs-down becomes a data point. After repeated failures with the same pattern, ThumbGate auto-generates a prevention rule. Gates adapt their sensitivity over time using Thompson Sampling -- aggressive gates that over-block get tuned down, effective gates get reinforced.</li>
+  <li><strong>Works across all major AI coding agents.</strong> One install command covers Claude Code, Cursor, Codex, Gemini CLI, Amp, and OpenCode. No per-agent configuration needed.</li>
+  <li><strong>Prevention is cheaper than recovery.</strong> Manual code review catches mistakes after the PR. Git revert catches them after the push. ThumbGate catches them before the tool call executes -- saving the time, context switches, and cleanup cost of undoing damage.</li>
+</ul>
+
+<h2>How It Works</h2>
+<div class="step-grid">
+  <div class="step-card">
+    <div class="step-number">1</div>
+    <h3>Install</h3>
+    <p>Run <code>npx thumbgate init</code>. ThumbGate auto-detects your AI coding agent and configures PreToolUse hooks. No manual setup needed.</p>
+  </div>
+  <div class="step-card">
+    <div class="step-number">2</div>
+    <h3>Gate</h3>
+    <p>Every tool call your agent makes passes through a pre-action gate. Known-bad patterns are blocked before execution. Good actions pass through instantly.</p>
+  </div>
+  <div class="step-card">
+    <div class="step-number">3</div>
+    <h3>Learn</h3>
+    <p>When your agent makes a mistake, give it a thumbs-down. ThumbGate captures the feedback and auto-generates prevention rules from repeated failures.</p>
+  </div>
+</div>
+
+<h2>Get Started</h2>
+<div class="card">
+  <p>Install ThumbGate in one command:</p>
+  <pre><code>npx thumbgate init</code></pre>
+  <p>Then start giving feedback. ThumbGate handles the rest.</p>
+  <p>
+    <a href="https://www.npmjs.com/package/thumbgate" class="cta">View on npm</a>
+    <a href="https://github.com/IgorGanapolsky/ThumbGate" style="color:var(--cyan); margin-left:1.5rem; text-decoration:underline;">View on GitHub</a>
+  </p>
+</div>
+
+<h2>Frequently Asked Questions</h2>
+
+<div class="card">
+  <h3>What is a pre-action gate?</h3>
+  <p>A pre-action gate is an enforcement layer that intercepts AI agent tool calls before they execute. Unlike prompt rules that agents can ignore, pre-action gates physically block dangerous actions such as force-pushing to main, deleting production files, or committing code with failing tests.</p>
+</div>
+
+<div class="card">
+  <h3>Does ThumbGate work with Claude Code?</h3>
+  <p>Yes. ThumbGate works with Claude Code, Cursor, Codex, Gemini CLI, Amp, OpenCode, and any MCP-compatible agent. Run <code>npx thumbgate init --agent claude-code</code> to auto-configure PreToolUse hooks.</p>
+</div>
+
+<div class="card">
+  <h3>Is ThumbGate free?</h3>
+  <p>ThumbGate has a free tier that includes local enforcement with 5 daily feedback captures, 10 lesson searches, unlimited recall, and pre-action gate blocking. Pro ($19/mo or $149/yr) adds a personal local dashboard and DPO export. Team rollout ($12/seat/mo) adds a shared lesson database and org dashboard.</p>
+</div>
+
+<div class="card">
+  <h3>How is ThumbGate different from .cursorrules or CLAUDE.md rules?</h3>
+  <p>Cursor rules and CLAUDE.md are prompt-level instructions that the AI agent can read, forget, or override. ThumbGate enforces rules at the tool-call level via PreToolUse hooks. When a tool call matches a known failure pattern, it is physically blocked before execution. Additionally, ThumbGate auto-generates prevention rules from feedback -- no manual rule writing.</p>
+</div>
+
+<div class="card">
+  <h3>Can ThumbGate learn from mistakes automatically?</h3>
+  <p>Yes. When your AI agent makes a mistake, give a thumbs-down with context. After repeated failures with the same pattern, ThumbGate auto-generates a prevention rule and wires it as a pre-action gate. Gates adapt over time using Thompson Sampling, a Bayesian multi-armed bandit algorithm.</p>
+</div>
+
+</div>
+
+<footer>
+  <p>ThumbGate -- Pre-action gates for AI coding agents</p>
+  <p><a href="https://github.com/IgorGanapolsky/ThumbGate">GitHub</a> | <a href="https://www.npmjs.com/package/thumbgate">npm</a> | <a href="/guide">Guide</a> | <a href="/dashboard">Dashboard</a></p>
+</footer>
+</body>
+</html>

package/public/index.html

@@ -20,9 +20,9 @@
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 __GOOGLE_SITE_VERIFICATION_META__
 <title>ThumbGate — Self-improving AI coding agents that learn from every mistake</title>
-<meta name="description" content="Pre-action gates for AI coding agents. 👎 Thumbs down → prevention rule → mistake permanently blocked. 👍 Thumbs up → pattern reinforced. History-aware lessons from your corrections. Team adds shared lessons and org visibility.">
+<meta name="description" content="Pre-action gates and workflow governance for AI coding agents. 👎 Thumbs down → prevention rule → mistake permanently blocked. 👍 Thumbs up → pattern reinforced. History-aware lessons from your corrections. Risky local runs can route into Docker Sandboxes. Team adds shared lessons and org visibility, plus isolated execution guidance.">
 <meta property="og:title" content="ThumbGate — Self-improving AI coding agents that learn from every mistake">
-<meta property="og:description" content="Pre-action gates for AI coding agents. 👎 Thumbs down → prevention rule → mistake permanently blocked. 👍 Thumbs up → pattern reinforced. History-aware lessons from your corrections. Team adds shared lessons and org visibility.">
+<meta property="og:description" content="Pre-action gates and workflow governance for AI coding agents. 👎 Thumbs down → prevention rule → mistake permanently blocked. 👍 Thumbs up → pattern reinforced. History-aware lessons from your corrections. Risky local runs can route into Docker Sandboxes. Team adds shared lessons and org visibility, plus isolated execution guidance.">
 <meta property="og:type" content="website">
 <meta name="keywords" content="ThumbGate, thumbgate, self-improving AI agents, AI agent self-improvement, AI agent learning, AI agent memory, pre-action gates, human-in-the-loop, MCP server, Claude Code, Cursor, Codex, Gemini, Amp, OpenCode, vibe coding safety, SpecLock alternative, Mem0 alternative, AI coding agent feedback loop, PreToolUse hooks, prevention rules, feedback enforcement, context engineering">
 
@@ -44,7 +44,7 @@ __GA_BOOTSTRAP__
   "@type": "SoftwareApplication",
   "name": "ThumbGate",
   "alternateName": "thumbgate",
-  "description": "Make your AI coding agent self-improving. Every mistake becomes a prevention rule. Every correction makes it permanently smarter. Turns feedback into enforcement — your agent gets better with every session.",
+  "description": "Make your AI coding agent self-improving. Every mistake becomes a prevention rule. Every correction makes it permanently smarter. ThumbGate adds workflow governance and isolated execution guidance so high-risk runs do not have to happen directly on the host.",
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "Cross-platform, Node.js >=18.18.0",
   "license": "https://opensource.org/licenses/MIT",
@@ -59,6 +59,9 @@ __GA_BOOTSTRAP__
   },
   "featureList": [
     "Pre-Action Gates — block known-bad tool calls before execution",
+    "Workflow Sentinel — score blast radius before PR, merge, release, and publish actions fire",
+    "Docker Sandboxes routing — move high-risk local runs into isolated microVM-backed execution",
+    "Hosted sandbox dispatch — signed isolated lane for team automations",
     "Domain Skill Packs — Stripe, Railway, database migration best practices",
     "Progressive Disclosure — 82% token savings with 3-tier L1/L2/L3 loading",
     "Hallucination Detection — decomposes claims into verifiable sub-claims",
@@ -97,7 +100,7 @@ __GA_BOOTSTRAP__
     {
       "@type": "Offer",
       "name": "Team",
-      "description": "Shared enforcement memory, review visibility, org dashboard, and pilot rollout support for teams shipping AI-generated changes",
+      "description": "Shared enforcement memory, review visibility, org dashboard, Docker Sandboxes guidance for risky local autonomy, and pilot rollout support for teams shipping AI-generated changes",
       "url": "https://thumbgate-production.up.railway.app/#workflow-sprint-intake"
     }
   ]
@@ -178,6 +181,14 @@ __GA_BOOTSTRAP__
         "text": "Claude Code, Cursor, Codex, Gemini CLI, Amp, OpenCode, and any MCP-compatible agent."
       }
     },
+    {
+      "@type": "Question",
+      "name": "How does ThumbGate reduce host blast radius for high-risk local runs?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "ThumbGate combines pre-action gates with execution guidance. Workflow Sentinel predicts risky local actions before they execute, and high-risk runs can be routed into Docker Sandboxes instead of running directly on the host. Team workflows also have a signed hosted sandbox lane for isolated automation dispatch."
+      }
+    },
     {
       "@type": "Question",
       "name": "How are pre-action gates different from prompt rules?",
@@ -419,6 +430,7 @@ __GA_BOOTSTRAP__
       <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
       <a href="/guide">Setup Guide</a>
       <a href="/learn">Learn</a>
+      <a href="/compare">Compare</a>
       <a href="/dashboard">Dashboard Demo</a>
       <a href="/pro?utm_source=website&utm_medium=homepage_nav&utm_campaign=pro_page" class="nav-cta">See Pro</a>
     </div>
@@ -429,19 +441,19 @@ __GA_BOOTSTRAP__
 <section class="hero">
   <div class="container">
     <div class="hero-thumbs">👍👎</div>
-    <div class="hero-badge">● Self-improving AI agents — every mistake makes it smarter</div>
+    <div class="hero-badge">● Self-improving AI agents with workflow governance and isolated execution</div>
     <h1>Your AI agent learns<br>from every mistake.</h1>
     <div class="hero-signals">
       <div class="signal-pill signal-down">👎 Mistake becomes a prevention rule — permanently blocked</div>
       <div class="signal-pill signal-up">👍 Good pattern reinforced — reused across sessions</div>
     </div>
-    <p class="hero-persona">For developers using Claude Code, Cursor, Codex, Gemini, Amp, and OpenCode who want their AI agent to actually get better over time — not repeat the same mistakes every session.</p>
-    <p><strong>The self-improvement loop:</strong> Your agent makes a mistake → you give a thumbs-down → ThumbGate auto-generates a prevention rule → a gate physically blocks that mistake from ever happening again. Your agent gets permanently smarter with every correction. No model retraining. No prompt hacking. Just enforcement that compounds.</p>
+    <p class="hero-persona">For developers using Claude Code, Cursor, Codex, Gemini, Amp, and OpenCode who want their AI agent to actually get better over time — and for teams that need the riskiest runs governed before they touch shared repos or the host machine.</p>
+    <p><strong>The self-improvement loop:</strong> Your agent makes a mistake → you give a thumbs-down → ThumbGate auto-generates a prevention rule → a gate physically blocks that mistake from ever happening again. Your agent gets permanently smarter with every correction. No model retraining. No prompt hacking. Just enforcement that compounds, plus isolated execution guidance when autonomy gets risky.</p>
     <div class="hero-actions">
       <a href="/pro?utm_source=website&utm_medium=homepage_hero&utm_campaign=pro_page" class="btn-pro-page">See Pro for individual operators</a>
       <a href="/dashboard?utm_source=website&utm_medium=homepage_hero&utm_campaign=demo" class="btn-demo-link">Open dashboard demo</a>
     </div>
-    <p class="hero-paid-note"><strong>Paid path:</strong> Free stays the local install lane. Pro is the buyer-ready page for your personal local dashboard, DPO export, and review-ready evidence.</p>
+    <p class="hero-paid-note"><strong>Paid path:</strong> Free stays the local install lane. Pro is the buyer-ready page for your personal local dashboard, DPO export, and review-ready evidence. Team adds shared workflow governance, org proof, and isolated execution guidance for high-risk runs.</p>
     <div class="hero-install" onclick="copyInstall(this)" title="Click to copy">
       <span class="prompt">$</span>
       <span class="cmd">npx thumbgate init</span>
@@ -508,6 +520,10 @@ __GA_BOOTSTRAP__
         <h3>📊 Org Dashboard (Pro)</h3>
         <p>See which agents are creating review churn, which gates are saving time, and where rollout risk is still concentrated.</p>
       </div>
+      <div class="agent-card">
+        <h3>🧱 Isolated Execution Lanes</h3>
+        <p>High-risk local autonomy can route into Docker Sandboxes, while hosted team automations use a signed sandbox dispatch lane instead of running loose on a shared host.</p>
+      </div>
       <div class="agent-card">
         <h3>🧪 Thompson Sampling</h3>
         <p>Confidence tiers (none/low/medium/high) tell you when to trust the model vs fall back to rules. No guessing.</p>
@@ -580,7 +596,7 @@ __GA_BOOTSTRAP__
 <!-- HOW IT WORKS -->
 <section class="how-it-works" id="how-it-works">
   <div class="container">
-    <div class="section-label">New in v1.1.0</div>
+    <div class="section-label">New in v1.2.0</div>
     <h2 class="section-title">Three steps to stop repeated AI failures</h2>
     <div class="steps">
       <div class="step">
@@ -625,6 +641,10 @@ __GA_BOOTSTRAP__
         <h3>Log everything, learn automatically</h3>
         <p>Repeated failures auto-promote to gates. Org dashboard shows all agents.</p>
       </div>
+      <div class="agent-card">
+        <h3>Keep risky runs off the host</h3>
+        <p>When Workflow Sentinel predicts a risky local action, ThumbGate can recommend Docker Sandboxes before the agent touches the host filesystem or broader credentials.</p>
+      </div>
     </div>
   </div>
 </section>
@@ -728,6 +748,8 @@ __GA_BOOTSTRAP__
           <li>Org dashboard — active agents, gate hit rates, risk agents, and proof-backed team metrics in one place</li>
           <li>Hosted review views — constrained cards, lists, and callouts for rollout, incident, and audit visibility</li>
           <li>Gate template library — pre-built guardrails for force-pushes, skipped tests, destructive SQL, and evidence-before-done</li>
+          <li>Docker Sandboxes guidance — route risky local autonomy into an isolated microVM-backed lane instead of running it directly on a shared host</li>
+          <li>Signed hosted sandbox dispatch — isolated execution path for team automations that do not need repo-bound local access</li>
           <li>Workflow proof sprint — pilot one painful workflow first, then expand once the before/after evidence is real</li>
           <li>Rollout attribution stays tied to the team funnel instead of disappearing into generic referral traffic</li>
         </ul>
@@ -783,6 +805,10 @@ __GA_BOOTSTRAP__
         <div class="faq-q" role="button" tabindex="0" aria-expanded="false" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)">What AI agents and editors does this work with?</div>
         <div class="faq-a">ThumbGate works with Claude Code, Cursor, Codex, Gemini CLI, Amp, OpenCode, and any other MCP-compatible agent. Cursor ships with a plugin bundle in this repo. Codex ships with a repo-local app plugin profile. VS Code works when you run an MCP-compatible agent inside it, but this repo does not ship a standalone VS Code extension today.</div>
       </div>
+      <div class="faq-item">
+        <button class="faq-q" type="button" aria-expanded="false" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)">How do we keep high-risk autonomous runs off the host?</button>
+        <div class="faq-a">ThumbGate is the control plane, not just a prompt layer. Workflow Sentinel predicts blast radius before execution, and risky local autonomy can be routed into Docker Sandboxes instead of running directly on the host. Team workflows also have a signed hosted sandbox lane for isolated dispatch when local repo access is not required.</div>
+      </div>
       <div class="faq-item">
         <div class="faq-q" role="button" tabindex="0" aria-expanded="false" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)">Do I need a cloud account?</div>
         <div class="faq-a">No. Free keeps local enforcement on your machine with 5 daily feedback captures, 10 lesson searches, unlimited recall, gates, and hook blocking. No cloud account is required. Pro adds a personal local dashboard plus DPO export. Team is the hosted rollout lane when your group wants a shared lesson database, hosted review views, org dashboard visibility, and team-wide proof.</div>
@@ -839,7 +865,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.1.0</span>
+    <span class="footer-copy">© 2026 Max Smith KDP LLC · MIT License · v1.2.0</span>
   </div>
 </footer>
 

package/scripts/ai-search-visibility.js

@@ -0,0 +1,142 @@
+'use strict';
+
+const https = require('node:https');
+const fs = require('node:fs');
+const path = require('node:path');
+
+const PROMPTS = [
+  'best pre-action gate tools for AI coding agents',
+  'how to prevent AI coding agent from making mistakes',
+  'Claude Code safety tools',
+  'npm packages for AI agent guardrails',
+  'how to block bad tool calls in AI agents',
+  'alternatives to thumbgate',
+  'pre-tool-use hooks for AI agents',
+  'AI coding agent memory and learning',
+];
+
+function queryPerplexity(prompt, apiKey) {
+  return new Promise((resolve, reject) => {
+    const body = JSON.stringify({
+      model: 'sonar',
+      messages: [{ role: 'user', content: prompt }],
+    });
+    const req = https.request(
+      {
+        hostname: 'api.perplexity.ai',
+        path: '/chat/completions',
+        method: 'POST',
+        headers: {
+          Authorization: `Bearer ${apiKey}`,
+          'Content-Type': 'application/json',
+          'Content-Length': Buffer.byteLength(body),
+        },
+      },
+      (res) => {
+        const chunks = [];
+        res.on('data', (c) => chunks.push(c));
+        res.on('end', () => {
+          try {
+            const json = JSON.parse(Buffer.concat(chunks).toString());
+            const content = json.choices?.[0]?.message?.content || '';
+            resolve(content);
+          } catch (e) {
+            reject(new Error(`Failed to parse Perplexity response: ${e.message}`));
+          }
+        });
+      }
+    );
+    req.on('error', reject);
+    req.write(body);
+    req.end();
+  });
+}
+
+async function runVisibilityCheck(opts = {}) {
+  const apiKey = opts.apiKey || process.env.PERPLEXITY_API_KEY;
+  const queryFn = opts.queryFn || (apiKey ? (p) => queryPerplexity(p, apiKey) : null);
+
+  const results = [];
+  for (const prompt of PROMPTS) {
+    if (!queryFn) {
+      results.push({ prompt, status: 'MANUAL', response: null });
+      continue;
+    }
+    try {
+      const response = await queryFn(prompt);
+      const found = /thumbgate/i.test(response);
+      results.push({ prompt, status: found ? 'FOUND' : 'MISSING', response });
+    } catch (err) {
+      results.push({ prompt, status: 'ERROR', response: null, error: err.message });
+    }
+  }
+  return results;
+}
+
+function formatReport(results) {
+  const date = new Date().toISOString().slice(0, 10);
+  const lines = [`AI Search Visibility Report — ${date}`, '='.repeat(42)];
+
+  for (const r of results) {
+    const tag = `[${r.status}]`.padEnd(10);
+    const shortPrompt =
+      r.prompt.length > 60 ? r.prompt.slice(0, 57) + '...' : r.prompt;
+    const suffix =
+      r.status === 'FOUND'
+        ? '— mentioned in response'
+        : r.status === 'MISSING'
+          ? '— not found'
+          : r.status === 'MANUAL'
+            ? '— check manually'
+            : `— ${r.error || 'error'}`;
+    lines.push(`${tag} "${shortPrompt}" ${suffix}`);
+  }
+
+  const hasApi = results.some((r) => r.status !== 'MANUAL');
+  if (hasApi) {
+    const found = results.filter((r) => r.status === 'FOUND').length;
+    const total = results.filter((r) => r.status !== 'MANUAL').length;
+    lines.push('', `Score: ${found}/${total} prompts mention ThumbGate`);
+  } else {
+    lines.push('', `Manual checklist: ${results.length} prompts to test`);
+  }
+  return lines.join('\n');
+}
+
+function saveReport(results, opts = {}) {
+  const date = new Date().toISOString().slice(0, 10);
+  const dir = opts.dir || path.join(process.cwd(), '.thumbgate', 'ai-visibility');
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+
+  const filePath = path.join(dir, `${date}.json`);
+  const found = results.filter((r) => r.status === 'FOUND').length;
+  const total = results.filter((r) => r.status !== 'MANUAL').length;
+
+  const report = {
+    date,
+    score: total > 0 ? `${found}/${total}` : 'manual',
+    results: results.map((r) => ({
+      prompt: r.prompt,
+      status: r.status,
+      ...(r.error ? { error: r.error } : {}),
+    })),
+  };
+
+  fs.writeFileSync(filePath, JSON.stringify(report, null, 2));
+  return filePath;
+}
+
+module.exports = { PROMPTS, queryPerplexity, runVisibilityCheck, formatReport, saveReport };
+
+if (require.main === module) {
+  (async () => {
+    const results = await runVisibilityCheck();
+    const report = formatReport(results);
+    console.log(report);
+    const filePath = saveReport(results);
+    console.log(`\nReport saved to ${filePath}`);
+  })().catch((err) => {
+    console.error('Error:', err.message);
+    process.exit(1);
+  });
+}