thumbgate 1.23.0 → 1.23.2

package/public/ai-malpractice-prevention.html

@@ -3,181 +3,758 @@
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>AI Malpractice Prevention for Law Firms — ThumbGate</title>
+<title>Pre-Execution Controls for Legal AI Agents - ThumbGate</title>
 <script defer data-domain="thumbgate-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Your AI intake agent can commit unauthorized practice of law, miss a conflict, or breach privilege — usually all three. ThumbGate physically blocks each at the tool-call boundary, with an audit trail your malpractice carrier can read.">
-<meta property="og:title" content="AI Malpractice Prevention for Law Firms">
-<meta property="og:description" content="Runtime governance for legal AI agents — block UPL, miss-conflict, and privilege breach at the tool-call boundary. ABA Formal Op. 512-ready audit trail.">
+<meta name="description" content="Pre-execution controls for law-firm AI agents: block unauthorized advice, conflict-check failures, privilege leaks, and unapproved model calls before an agent acts.">
+<meta property="og:title" content="Pre-Execution Controls for Legal AI Agents">
+<meta property="og:description" content="ThumbGate preloads firm-approved ground truth, checks legal AI actions before execution, and records audit evidence for law-firm innovation, risk, and pricing teams.">
 <meta property="og:type" content="article">
-<meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
-<link rel="canonical" href="https://thumbgate-production.up.railway.app/ai-malpractice-prevention">
+<meta property="og:image" content="https://thumbgate.ai/og.png">
+<link rel="canonical" href="https://thumbgate.ai/ai-malpractice-prevention">
 <script type="application/ld+json">
 {
   "@context": "https://schema.org",
   "@type": "TechArticle",
-  "headline": "AI Malpractice Prevention for Law Firms",
-  "description": "ThumbGate is a runtime governance layer that physically blocks AI legal-assistant agents from committing unauthorized practice of law, missing conflicts, or breaching privilege.",
+  "headline": "Pre-Execution Controls for Legal AI Agents",
+  "description": "ThumbGate is a pre-execution control layer for law-firm AI intake workflows. It can preload firm-approved ground truth, evaluate proposed agent actions before execution, and produce audit evidence for human review.",
   "datePublished": "2026-05-21",
-  "dateModified": "2026-05-21",
+  "dateModified": "2026-05-25",
   "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
-  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate-production.up.railway.app" },
+  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
   "about": [
-    { "@type": "Thing", "name": "Legal AI" },
+    { "@type": "Thing", "name": "Legal AI Governance" },
     { "@type": "Thing", "name": "Unauthorized Practice of Law" },
     { "@type": "Thing", "name": "Attorney-Client Privilege" },
-    { "@type": "Thing", "name": "ABA Model Rules" },
+    { "@type": "Thing", "name": "ABA Formal Opinion 512" },
     { "@type": "Thing", "name": "Conflict of Interest Check" }
   ]
 }
 </script>
 <style>
-  *, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
-  :root { --bg:#0a0a0b; --card:#161618; --border:#222225; --text:#e8e8ec; --muted:#8b8b94; --cyan:#22d3ee; --red:#f87171; --green:#34d399; }
-  body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; background: var(--bg); color: var(--text); line-height: 1.7; }
-  .container { max-width: 860px; margin: 0 auto; padding: 2rem 1.5rem 4rem; }
-  nav { padding: 1rem 2rem; border-bottom: 1px solid var(--border); display:flex; gap:1.5rem; flex-wrap:wrap; }
-  nav a { color: var(--muted); text-decoration:none; font-size:0.9rem; }
-  nav .brand { color: var(--text); font-weight:700; }
-  .pill { display:inline-block; font-size:0.75rem; letter-spacing:0.08em; text-transform:uppercase; color:var(--cyan); background:rgba(34,211,238,0.08); border:1px solid rgba(34,211,238,0.2); padding:4px 12px; border-radius:100px; margin-top:1.5rem; font-weight:600; }
-  h1 { font-size:2.2rem; line-height:1.15; margin:1rem 0 1rem; }
-  h2 { font-size:1.45rem; margin:2.2rem 0 1rem; color:var(--cyan); }
-  h3 { margin:0.6rem 0; font-size:1rem; }
-  p, li { margin-bottom:0.75rem; }
-  ul, ol { padding-left:1.25rem; }
-  .card { background: var(--card); border:1px solid var(--border); border-radius:12px; padding:1.25rem; margin:1rem 0; }
-  .grid { display:grid; grid-template-columns:repeat(auto-fit,minmax(240px,1fr)); gap:1rem; margin:1rem 0; }
-  .grid .card h3 { color:var(--cyan); }
-  .scenario { border-left:3px solid var(--red); padding:0.9rem 1.1rem; margin:1rem 0; background:rgba(248,113,113,0.04); border-radius:6px; }
-  .scenario .label { display:inline-block; font-size:0.7rem; letter-spacing:0.08em; text-transform:uppercase; color:var(--red); font-weight:700; margin-bottom:0.5rem; }
-  .scenario .resolve { display:inline-block; font-size:0.7rem; letter-spacing:0.08em; text-transform:uppercase; color:var(--green); font-weight:700; margin:0.6rem 0 0.3rem; }
-  .cta { display:inline-block; background:var(--cyan); color:#000; padding:0.8rem 1.2rem; border-radius:8px; text-decoration:none; font-weight:700; }
-  .secondary { color:var(--cyan); text-decoration:underline; margin-left:1rem; }
-  .quote { border-left:3px solid var(--cyan); padding:0.75rem 1rem; margin:1rem 0; color:var(--muted); font-style:italic; }
-  code, pre { font-family: ui-monospace, SFMono-Regular, Menlo, monospace; background:#0f0f11; border:1px solid var(--border); border-radius:6px; padding:0.15rem 0.4rem; font-size:0.9rem; }
-  pre { padding:0.85rem 1rem; overflow-x:auto; }
-  .footer-links { margin-top:2.5rem; padding-top:1.25rem; border-top:1px solid var(--border); color:var(--muted); font-size:0.9rem; }
-  .footer-links a { color:var(--cyan); text-decoration:none; }
-  table.compliance { width:100%; border-collapse:collapse; margin:1rem 0; font-size:0.95rem; }
-  table.compliance th, table.compliance td { padding:0.6rem 0.8rem; border-bottom:1px solid var(--border); text-align:left; vertical-align:top; }
-  table.compliance th { color:var(--cyan); font-size:0.8rem; text-transform:uppercase; letter-spacing:0.05em; }
-  .rule-cite { color:var(--cyan); font-weight:600; }
+  *, *::before, *::after { box-sizing: border-box; }
+  :root {
+    --bg: #08090b;
+    --panel: #14161a;
+    --panel-2: #1b1f26;
+    --line: #2c313a;
+    --text: #f2f4f8;
+    --muted: #a7afbd;
+    --soft: #d8deea;
+    --blue: #62a4ff;
+    --cyan: #2dd4bf;
+    --amber: #f2bd5b;
+    --red: #fb7185;
+    --green: #72e3a5;
+  }
+  body {
+    margin: 0;
+    font-family: Inter, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    background: var(--bg);
+    color: var(--text);
+    line-height: 1.58;
+  }
+  a { color: var(--blue); }
+  nav {
+    display: flex;
+    align-items: center;
+    gap: 1.1rem;
+    flex-wrap: wrap;
+    padding: 0.9rem clamp(1rem, 3vw, 2.25rem);
+    border-bottom: 1px solid var(--line);
+    background: rgba(8, 9, 11, 0.94);
+    position: sticky;
+    top: 0;
+    z-index: 10;
+  }
+  nav a { color: var(--muted); text-decoration: none; font-size: 0.9rem; }
+  nav .brand { color: var(--text); font-weight: 850; }
+  .wrap { max-width: 1120px; margin: 0 auto; padding: 0 clamp(1rem, 3vw, 2rem); }
+  .hero {
+    min-height: calc(100vh - 68px);
+    display: grid;
+    grid-template-columns: minmax(0, 1fr) minmax(320px, 0.9fr);
+    gap: clamp(2rem, 5vw, 4rem);
+    align-items: center;
+    padding: clamp(3rem, 6vw, 5rem) 0 2.2rem;
+  }
+  .eyebrow {
+    display: inline-flex;
+    color: var(--cyan);
+    border: 1px solid rgba(45, 212, 191, 0.24);
+    background: rgba(45, 212, 191, 0.08);
+    padding: 0.34rem 0.72rem;
+    border-radius: 999px;
+    font-size: 0.76rem;
+    font-weight: 850;
+    letter-spacing: 0.08em;
+    text-transform: uppercase;
+  }
+  h1 {
+    font-size: clamp(2.25rem, 4.1vw, 3.65rem);
+    line-height: 1.03;
+    letter-spacing: 0;
+    margin: 1.1rem 0 1rem;
+    max-width: 800px;
+  }
+  .lead {
+    color: var(--soft);
+    font-size: clamp(1.05rem, 1.65vw, 1.24rem);
+    max-width: 760px;
+    margin: 0 0 1.4rem;
+  }
+  .hero-actions { display: flex; align-items: center; gap: 1rem; flex-wrap: wrap; margin: 1.4rem 0; }
+  .cta {
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    min-height: 48px;
+    padding: 0.78rem 1.05rem;
+    border-radius: 8px;
+    background: var(--blue);
+    color: #06111f;
+    text-decoration: none;
+    font-weight: 850;
+  }
+  .ghost { color: var(--soft); text-decoration: none; border-bottom: 1px solid var(--line); padding-bottom: 0.1rem; }
+  .proof-row {
+    display: grid;
+    grid-template-columns: repeat(3, minmax(0, 1fr));
+    gap: 0.75rem;
+    margin-top: 1.2rem;
+    max-width: 820px;
+  }
+  .proof {
+    border: 1px solid var(--line);
+    border-radius: 8px;
+    padding: 0.82rem;
+    background: rgba(255, 255, 255, 0.03);
+    min-height: 92px;
+  }
+  .proof strong { display: block; color: var(--text); font-size: 0.94rem; }
+  .proof span { color: var(--muted); font-size: 0.85rem; }
+  .trust-strip {
+    display: grid;
+    grid-template-columns: repeat(4, minmax(0, 1fr));
+    gap: 0.7rem;
+    margin: 1.2rem 0 0;
+    max-width: 920px;
+  }
+  .trust-item {
+    border: 1px solid rgba(98, 164, 255, 0.24);
+    border-radius: 8px;
+    background: rgba(98, 164, 255, 0.07);
+    padding: 0.72rem;
+    color: var(--soft);
+    font-size: 0.82rem;
+    font-weight: 750;
+  }
+  .control-flow {
+    border: 1px solid #343a46;
+    background: #101318;
+    border-radius: 8px;
+    box-shadow: 0 24px 80px rgba(0, 0, 0, 0.34);
+    padding: 1rem;
+  }
+  .flow-asset {
+    display: block;
+    width: 100%;
+    height: auto;
+    border: 1px solid var(--line);
+    border-radius: 8px;
+    margin: 0 0 0.9rem;
+    background: #08090b;
+  }
+  .control-flow h2 { font-size: 1rem; margin: 0 0 0.85rem; color: var(--soft); }
+  .flow-step {
+    display: grid;
+    grid-template-columns: 34px minmax(0, 1fr);
+    gap: 0.8rem;
+    align-items: start;
+    border: 1px solid var(--line);
+    border-radius: 8px;
+    background: var(--panel);
+    padding: 0.88rem;
+    margin: 0.72rem 0;
+  }
+  .num {
+    width: 34px;
+    height: 34px;
+    display: grid;
+    place-items: center;
+    border-radius: 8px;
+    font-weight: 850;
+    color: #06111f;
+    background: var(--cyan);
+  }
+  .flow-step h3 { margin: 0 0 0.24rem; font-size: 0.98rem; }
+  .flow-step p { margin: 0; color: var(--muted); font-size: 0.9rem; }
+  .blocked { border-color: rgba(251, 113, 133, 0.55); background: rgba(251, 113, 133, 0.08); }
+  .blocked .num { background: var(--red); color: #19070a; }
+  .cleared { border-color: rgba(114, 227, 165, 0.42); background: rgba(114, 227, 165, 0.08); }
+  .cleared .num { background: var(--green); color: #06120b; }
+  main section {
+    border-top: 1px solid var(--line);
+    padding: clamp(2.35rem, 5vw, 4rem) 0;
+  }
+  h2 {
+    font-size: clamp(1.75rem, 2.8vw, 2.5rem);
+    line-height: 1.15;
+    margin: 0 0 0.75rem;
+    letter-spacing: 0;
+  }
+  .section-lead { color: var(--muted); font-size: 1.05rem; max-width: 820px; margin: 0 0 1.35rem; }
+  .grid { display: grid; grid-template-columns: repeat(3, minmax(0, 1fr)); gap: 1rem; }
+  .two { grid-template-columns: repeat(2, minmax(0, 1fr)); }
+  .card {
+    border: 1px solid var(--line);
+    background: var(--panel);
+    border-radius: 8px;
+    padding: 1rem;
+  }
+  .card h3 { margin: 0 0 0.5rem; font-size: 1.04rem; color: var(--text); }
+  .card p, .card li { color: var(--muted); margin: 0.42rem 0; }
+  .tag {
+    display: inline-flex;
+    color: #071116;
+    background: var(--cyan);
+    border-radius: 6px;
+    padding: 0.14rem 0.45rem;
+    font-size: 0.72rem;
+    font-weight: 850;
+    margin-bottom: 0.62rem;
+  }
+  .amber { background: var(--amber); }
+  .red { background: var(--red); color: #19070a; }
+  .blue { background: var(--blue); color: #06111f; }
+  .green { background: var(--green); color: #06120b; }
+  .matrix { width: 100%; border-collapse: collapse; border: 1px solid var(--line); border-radius: 8px; overflow: hidden; }
+  .matrix th, .matrix td {
+    padding: 0.82rem;
+    border-bottom: 1px solid var(--line);
+    vertical-align: top;
+    text-align: left;
+  }
+  .matrix th { color: var(--cyan); background: #11151b; font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; }
+  .matrix td { color: var(--muted); }
+  .callout {
+    background: #f2f4f8;
+    color: #111827;
+    border-radius: 8px;
+    padding: clamp(1.2rem, 3vw, 1.8rem);
+  }
+  .callout p, .callout li { color: #344054; }
+  .callout .cta { background: #111827; color: #fff; }
+  .footer {
+    color: var(--muted);
+    padding: 2.2rem 0 4rem;
+    border-top: 1px solid var(--line);
+  }
+  @media (max-width: 880px) {
+    .hero, .grid, .two, .proof-row, .trust-strip { grid-template-columns: 1fr; }
+    .hero { min-height: auto; padding-top: 2.4rem; }
+    nav { position: static; }
+  }
+  @media (max-width: 700px) {
+    .matrix, .matrix tbody, .matrix tr, .matrix td { display: block; width: 100%; }
+    .matrix { border: 0; }
+    .matrix thead { display: none; }
+    .matrix tr {
+      border: 1px solid var(--line);
+      border-radius: 8px;
+      margin-bottom: 0.85rem;
+      background: var(--panel);
+      overflow: hidden;
+    }
+    .matrix td { border-bottom: 1px solid var(--line); padding: 0.75rem 0.9rem; }
+    .matrix td:last-child { border-bottom: 0; }
+    .matrix td::before {
+      display: block;
+      color: var(--cyan);
+      font-size: 0.72rem;
+      font-weight: 850;
+      letter-spacing: 0.06em;
+      margin-bottom: 0.25rem;
+      text-transform: uppercase;
+    }
+    .matrix td:nth-child(1)::before { content: "Buyer question"; }
+    .matrix td:nth-child(2)::before { content: "Pilot answer"; }
+    .matrix td:nth-child(3)::before { content: "Evidence to bring"; }
+  }
+  .demo-result { margin-top:1rem; padding:1rem; border-radius:8px; font-size:0.95rem; }
+  .demo-blocked { background:rgba(248,113,113,0.1); border:1px solid var(--red); }
+  .demo-cleared { background:rgba(52,211,153,0.1); border:1px solid var(--green); }
+  .audit-log { font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size:0.85rem; background:#0f0f11; padding:0.75rem; border-radius:6px; margin-top:0.75rem; white-space:pre-wrap; color:var(--soft); }
 </style>
 </head>
 <body>
 <nav>
-  <a href="/" class="brand">ThumbGate</a>
+  <a href="/ai-malpractice-prevention" class="brand">ThumbGate</a>
   <a href="/agent-manager">Agent Manager</a>
-  <a href="/codex-enterprise">Codex Enterprise</a>
   <a href="/agents-cost-savings">FinOps for Agents</a>
-  <a href="/federal">Federal</a>
   <a href="/dashboard">Dashboard demo</a>
   <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
 </nav>
-<div class="container">
-  <span class="pill">AI Malpractice Prevention</span>
-  <h1>Your AI intake agent can commit UPL, miss a conflict, or breach privilege — usually all three. ThumbGate prevents each at the tool-call boundary.</h1>
-  <p>2025 produced <strong>66 documented court sanctions against attorneys</strong> for AI-generated fake citations and related failures, with fines up to $31,000. That is just the public surface. The internal events — UPL-shaped responses from intake bots, conflict misses, privilege leaks to external LLM processors — are happening at every firm that deployed generative AI in the last 18 months, and most of them are not yet surfacing in OPR review or malpractice claims because the audit trail to catch them doesn't exist.</p>
-  <p>ThumbGate is the runtime layer that catches them <em>before</em> they happen. Every agent action — every API call, every document fetch, every drafted message — passes through a PreToolUse gate that fires before the action executes. Known-bad shapes are blocked with the audit trail your malpractice carrier and your OPR review actually want to read.</p>
-  <p>The framing matters: ThumbGate isn't another legal AI tool your innovation team has to vet. It's the <strong>vetting-collapse layer</strong> that sits between the agents you've already adopted — Harvey, Copilot, Legora, internal scripts, whatever a client mandates next quarter — and the tool calls those agents try to make. One control plane, every model, every matter, every output.</p>
-
-  <h2>The three failure modes ThumbGate prevents</h2>
-  <div class="grid">
-    <div class="card">
-      <h3>1. Unauthorized practice of law <span class="rule-cite">(Rule 5.5)</span></h3>
-      <p>The AI intake bot tells a prospect <em>"based on what you've described, you have a strong case for breach of fiduciary duty."</em> That's legal advice from a non-lawyer. Under Rule 5.5 — and under most state bar interpretations — the firm is on the hook. ThumbGate's UPL gate intercepts response candidates that match advice-shaped patterns (predictions, recommendations, outcome assertions) and replaces them with an intake hand-off to a licensed attorney.</p>
-    </div>
-    <div class="card">
-      <h3>2. Missed conflicts <span class="rule-cite">(Rules 1.7, 1.9, 1.10)</span></h3>
-      <p>The agent processes a new-client inquiry at 11pm on Sunday, schedules an intake call for Monday, sends a generic engagement letter — and only then runs the conflict check that finds the prospect is the opposing party in an existing matter. By then the firm has already received confidential information from the prospect. ThumbGate's conflict gate requires a positive clearance from the firm's adverse-parties list <em>before</em> the agent can accept any intake content beyond the initial routing question.</p>
-    </div>
-    <div class="card">
-      <h3>3. Privilege breach <span class="rule-cite">(Rule 1.6 + state evidence rules)</span></h3>
-      <p>An associate uses the firm's AI assistant to summarize a privileged deposition. The agent calls a public LLM endpoint to "improve the summary." Privileged content just left the firm's infrastructure to a third-party processor that has no equivalent privilege protection. ThumbGate's egress gate inspects every outbound API call from agents and blocks transmissions of content matching privilege-policy patterns (matter ID, client name, "Attorney Work Product" markers, custom firm classifiers) to non-approved processors.</p>
+
+<div class="wrap">
+  <header class="hero">
+    <div>
+      <div style="display: inline-block; border-left: 3px solid #fbbf24; background: rgba(251, 191, 36, 0.08); padding: 0.7rem 1rem; margin-bottom: 1.25rem; border-radius: 0 6px 6px 0; max-width: 760px;">
+        <strong style="color: #fbbf24; font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.08em; display: block; margin-bottom: 0.25rem;">Why this matters now &mdash; 2026</strong>
+        <span style="color: var(--text); font-size: 0.95rem; line-height: 1.55;">Sullivan &amp; Cromwell apologized to a federal judge for AI-hallucinated citations &mdash; despite policies, mandatory training, and verification requirements. Gordon Rees did the same on a bankruptcy filing. The <a href="https://www.damiencharlotin.com/hallucinations/" target="_blank" rel="noopener" style="color: #fbbf24">public hallucination-cases database</a> now catalogs <strong>1,369+ rulings</strong>. The firms with policies still got sanctioned. <em>Policies are not enforcement.</em> A runtime gate is.</span>
+      </div>
+      <span class="eyebrow">Pre-read for law-firm AI governance pilots</span>
+      <h1>Pre-execution controls for legal AI agents.</h1>
+      <p class="lead">Block unauthorized advice, conflict-check failures, privilege leaks, and unapproved model calls before an intake agent replies, fetches records, schedules a meeting, or sends data outside the firm's approved boundary.</p>
+      <p style="color: var(--soft); font-size: 0.98rem; max-width: 760px; margin: 0 0 1.1rem; padding: 0.7rem 1rem; border-left: 3px solid var(--green); background: rgba(114, 227, 165, 0.06); border-radius: 0 6px 6px 0;">
+        <strong style="color: var(--green)">Predictability you can put in front of a client.</strong>
+        Pre-execution controls aren't just defensive &mdash; they make agentic-AI deployment <em>predictable enough to sell</em>. Innovation teams at law firms have always had to choose between speed and certainty. The runtime gate lets you have both: the agent moves at machine speed, the gate enforces firm-specific policy deterministically, and every decision ships an audit log your pricing partners can underwrite. <strong style="color: var(--soft)">Predictability. Insights. Value.</strong> The three things your innovation team already promises clients &mdash; extended to the agentic surface.
+      </p>
+      <p style="color: var(--soft); font-size: 0.95rem; max-width: 760px; margin: 0 0 1rem; padding: 0.55rem 0.85rem; border-left: 3px solid var(--cyan); background: rgba(45, 212, 191, 0.05); border-radius: 0 6px 6px 0;">
+        <strong style="color: var(--cyan)">The gate learns from your attorneys.</strong>
+        Every 👍 / 👎 an attorney logs on an AI answer becomes a lesson in your firm's local DB. Recurring patterns promote to deterministic rules. The next time a similar action is proposed, the rule fires before any human is asked to approve.
+        <a href="/learn/feedback-loop-vs-decision-layer" style="color: var(--cyan); white-space: nowrap;">How the feedback loop works &rarr;</a>
+      </p>
+      <div class="hero-actions">
+        <a class="cta" href="mailto:iganapolsky@gmail.com?subject=ThumbGate%2025-minute%20legal%20AI%20pilot%20walkthrough&amp;body=Hi%20Igor%2C%0A%0AWe%27d%20like%20to%20review%20the%2025-minute%20ThumbGate%20legal%20AI%20intake%20pilot.%20Please%20send%20the%20meeting%20invite%20and%20demo%20materials.%0A%0ABest%2C">Book a 25-minute pilot walkthrough</a>
+        <a class="ghost" href="#live-gate-demos">Try the live gates &rarr;</a>
+        <a class="ghost" href="#demo">View the 25-minute demo plan</a>
+      </div>
+      <div class="proof-row" aria-label="Key proof points">
+        <div class="proof"><strong>Preloaded controls</strong><span>Firm policy, approved disclaimers, adverse-party lists, routing rules, and model endpoint allowlists.</span></div>
+        <div class="proof"><strong>Pre-action checks</strong><span>Controls run before the agent replies, fetches records, schedules intake, or calls an external model.</span></div>
+        <div class="proof"><strong>Reviewable evidence</strong><span>Every block, warning, override, and handoff becomes a structured audit event.</span></div>
+      </div>
+      <div class="trust-strip" aria-label="Trust and deployment assumptions">
+        <div class="trust-item">Local-first enforcement option</div>
+        <div class="trust-item">Works around Azure OpenAI, Claude, Gemini, and internal tools</div>
+        <div class="trust-item">ABA Formal Opinion 512 mapped to reviewable controls</div>
+        <div class="trust-item">No guaranteed-malpractice-prevention claim</div>
+      </div>
     </div>
-  </div>
-
-  <h2>How the prevention actually works</h2>
-  <p>The mechanism is deliberately simple. ThumbGate sits between the agent and the world as a hook layer; every tool call the agent attempts (HTTP request, file read, database query, generated response delivery) passes through a <code>PreToolUse</code> gate first. The gate evaluates the proposed action against a lesson database built from your firm's own observed failures plus a library of legal-vertical defaults shipped with the product.</p>
-  <ul>
-    <li><strong>Promoted rules block known-bad shapes.</strong> When the same failure pattern recurs three or more times — silently, without a human even noticing — silent-failure clustering surfaces it as a candidate rule. A pre-promotion eval verifies precision before it joins the active gate set.</li>
-    <li><strong>Every block is logged with provenance.</strong> What was attempted, what rule fired, what corrective action the agent was redirected to. That log is the artifact your malpractice carrier and your OPR review actually want — not a vendor's "trust me" assurance.</li>
-    <li><strong>Nothing leaves your boundary.</strong> ThumbGate runs in-process or as a sidecar in your Azure / AWS tenant or on-prem. No client data, no privileged content, no matter metadata traverses our infrastructure. The hosted dashboard is optional and never receives privileged payloads — only counters and rule metadata.</li>
-  </ul>
-
-  <h2>Three scenarios from real firm pain</h2>
-
-  <div class="scenario">
-    <span class="label">Scenario 1 — after-hours UPL</span>
-    <p><strong>Without ThumbGate:</strong> Saturday 11 PM. An estate-planning prospect uses the firm's website AI assistant to ask "if I name my brother as executor but he lives in another state, does that cause problems?" The assistant, trained on legal content, replies with a 4-paragraph explanation of out-of-state-executor bonds and tax implications. That's legal advice. The firm's malpractice carrier finds out 8 months later when the prospect (who hired a different firm) sues over an estate dispute and the deposition surfaces the chatbot transcript.</p>
-    <span class="resolve">With ThumbGate</span>
-    <p>The UPL gate matches the response shape (jurisdictional analysis + recommendation) against the promoted rule for "advice-shaped output from non-attorney source." The assistant's response is intercepted before delivery and replaced with: <em>"That's a legal question that needs a licensed attorney in your state. I can book you a 30-min consult with one of our estate-planning attorneys — would Monday at 10 AM work?"</em> The intake gets scheduled, the firm captures the lead, no UPL ever occurs, and the audit log shows the firm prevented the failure mode.</p>
-  </div>
-
-  <div class="scenario">
-    <span class="label">Scenario 2 — adverse-party conflict miss</span>
-    <p><strong>Without ThumbGate:</strong> A junior associate uses the firm's AI document-fetcher agent to pull "all recent filings involving Acme Corporation" for due diligence on a new M&A engagement. The agent retrieves dozens of documents — including filings from a matter where the firm represents Acme's largest competitor. Privileged work product from the existing matter now sits in the associate's local cache. The firm has just created a screen problem at minimum; at worst, a disqualification motion six weeks later.</p>
-    <span class="resolve">With ThumbGate</span>
-    <p>The conflict gate fires on every document-fetch tool call. Before the fetch executes, it cross-references the requesting matter ID against the firm's adverse-parties list. The Acme-competitor matter is flagged. The fetch is blocked and the agent is redirected to: <em>"Acme Corporation appears as an adverse party in matter [REDACTED]. This fetch is blocked. Contact [matter-attorney email] to discuss whether an ethics screen is needed before proceeding."</em> No cross-contamination, no waiver risk.</p>
-  </div>
-
-  <div class="scenario">
-    <span class="label">Scenario 3 — egress privilege breach</span>
-    <p><strong>Without ThumbGate:</strong> A partner pastes a 200-page deposition transcript into the firm's "AI Brief Assistant" and asks for a summary. The Brief Assistant, under the hood, calls an external LLM API for the long-context summarization step because the in-house model's context window is too short. Privileged deposition content just left the firm's network to a vendor whose terms of service include "we may use submitted content to improve our models." Privilege waiver argument waiting to happen.</p>
-    <span class="resolve">With ThumbGate</span>
-    <p>The egress gate inspects every outbound API call. The deposition's metadata header includes the firm's "Attorney Work Product" marker. The call to the external LLM is blocked. The agent is redirected to a privilege-safe alternative: in-tenant summarization via the firm's Azure OpenAI deployment (which carries the firm's BAA) or chunked summarization that stays inside the model's context window. The transcript never leaves the firm's boundary; the audit log records the block.</p>
-  </div>
-
-  <h2>Compliance matrix — what ThumbGate maps to</h2>
-  <table class="compliance">
-    <thead>
-      <tr><th>Authority</th><th>Requirement</th><th>ThumbGate's mechanism</th></tr>
-    </thead>
-    <tbody>
-      <tr><td>ABA Model Rule 1.1 + cmt. 8</td><td>Competence in the benefits and risks of relevant technology</td><td>Audit trail of every agent action gives partners evidence of supervision-grade understanding</td></tr>
-      <tr><td>ABA Model Rule 1.6</td><td>Protect confidential information</td><td>Egress gate blocks outbound calls carrying client-confidential or privileged content to non-approved processors</td></tr>
-      <tr><td>ABA Model Rule 5.3</td><td>Supervise non-lawyer assistance, including AI tools</td><td>Per-call evidence + per-rule provenance is the supervision artifact</td></tr>
-      <tr><td>ABA Model Rule 5.5</td><td>No unauthorized practice of law</td><td>UPL gate intercepts advice-shaped output from non-attorney agents pre-delivery</td></tr>
-      <tr><td>ABA Formal Op. 512 (Jul 2024)</td><td>Verify AI output, protect confidentiality, consider client disclosure</td><td>Audit trail covers the verification + disclosure questions in one artifact</td></tr>
-      <tr><td>Rules 1.7 / 1.9 / 1.10</td><td>Conflict of interest screening</td><td>Conflict gate requires positive clearance against adverse-parties list before agent can accept intake content</td></tr>
-    </tbody>
-  </table>
-
-  <h2>Why this is the Chief Pricing & Innovation Officer's problem (not just the GC's)</h2>
-  <p>Every alternative-fee arrangement carries an implicit risk reserve against malpractice tail events. A single sanction, disqualification motion, or bar complaint compresses AFA margins for the entire vintage of matters affected. The events ThumbGate prevents are precisely the events that trigger reserves. Framed in pricing terms, the runtime gate is a <strong>reserve-cost reduction control</strong>: prevented sanctions are dollars not held against alternative-fee matter margins. The audit trail is the artifact the firm's malpractice carrier reads when arguing for a premium reduction at the next renewal.</p>
-  <p>Standardization gets easier the same way. Each new client mandate ("you must use Tool X for our matters, you may not use Tool Y") becomes a policy update at the gate, not a per-tool re-vetting cycle. The vetting work that takes calendar weeks today becomes a one-line rule in the gate config — applied across every existing agent without re-implementation.</p>
-
-  <h2>The deployment story (security committee's first objection answered first)</h2>
-  <ul>
-    <li><strong>Runs inside your boundary.</strong> ThumbGate is a Node.js process that runs as a sidecar in your Azure / AWS / on-prem environment. No client data, no privileged content, no matter metadata traverses our infrastructure.</li>
-    <li><strong>Microsoft 365 / Azure OpenAI compatible.</strong> If your firm is on the Microsoft stack, ThumbGate gates calls to your Azure OpenAI endpoint just as cleanly as it gates Anthropic, OpenAI public API, or any other LLM.</li>
-    <li><strong>BAA / DPA path.</strong> The optional hosted dashboard (analytics + rule library) carries a BAA. The runtime gate layer carries no BAA need because it never receives PHI / PII / privileged content — only counters and metadata.</li>
-    <li><strong>SOC 2 Type II in progress.</strong> Audit underway; final report Q3 2026. Pilot engagements can proceed under SOC 2 Type I + a Vendor Security Questionnaire response on file.</li>
-    <li><strong>No model lock-in.</strong> ThumbGate is vendor-neutral on the LLM. It works equally over Claude (Anthropic + AWS Bedrock), GPT-4 (OpenAI + Azure), Gemini, Llama-on-Mosaic, or any HTTP-callable model.</li>
-  </ul>
-
-  <h2>Pilot shape</h2>
-  <p>The recommended first engagement is a 30-day pilot focused on a single intake-channel and a single practice-area-specific conflict-list. Two of your attorneys, two of your IT/innovation staff, and one ThumbGate engineer running biweekly sync calls. Pilot deliverable: a documented set of promoted gate rules specific to your firm's risk profile, the audit-trail format reviewed by your malpractice carrier or OPR liaison, and a written go/no-go recommendation on firm-wide rollout. Investment for the pilot is positioned as a Workflow Hardening Sprint — fixed-scope, fixed-price, no per-attorney metering during evaluation.</p>
-
-  <div class="quote">"The job of legal-AI governance isn't 'tell the model to be more careful.' It's the tool-call boundary, with an audit trail that survives the deposition."</div>
-
-  <div class="card">
-    <p><strong>Next step: a 25-min walkthrough on a hypothetical intake-and-conflict scenario specific to your firm.</strong></p>
-    <p>
-      <a href="mailto:iganapolsky@gmail.com?subject=ThumbGate%20AI%20Malpractice%20Prevention%20-%20demo%20request&amp;body=Hi%20Igor%2C%0A%0AI%27m%20at%20%5Bfirm%5D%20and%20saw%20your%20AI%20malpractice%20prevention%20page.%20%0A%0AWe%27re%20evaluating%20how%20to%20govern%20our%20agentic%20legal-AI%20deployment%20and%20I%27d%20like%20to%20see%20a%20walkthrough.%20%0A%0AMy%20practice%20area%20is%3A%20%5B%5D%0AThe%20intake%20channel%20we%27re%20most%20worried%20about%3A%20%5B%5D%0A%0ABest%2C" class="cta">Book a 25-min walkthrough</a>
-      <a href="/agent-manager" class="secondary">Or read the Agent Manager role framing →</a>
-    </p>
-  </div>
-
-  <h2>Related reading</h2>
-  <ul>
-    <li><a href="/agents-cost-savings">FinOps for AI agents</a> — the cost-control composition for firms running multiple agents across matters.</li>
-    <li><a href="/federal">Federal / regulated workloads</a> — the same compliance bones (deployable inside your tenant, audit trail, SOC 2 path) that work for federal also satisfy law-firm professional-responsibility committees.</li>
-    <li><a href="/agent-manager">ThumbGate for the Agent Manager</a> — the role inside the firm that owns "what are our agents costing us, and what did we stop them from doing?"</li>
-  </ul>
-
-  <div class="footer-links">
-    Built for law firms whose Innovation function has been told to "make AI work in intake and document review" but hasn't been given the safety net that lets their partners sign off without losing sleep. ABA Formal Op. 512 is the bar; ThumbGate is the floor.
-  </div>
+
+    <aside class="control-flow" aria-label="ThumbGate pre-action control flow">
+      <img class="flow-asset" src="/assets/legal-intake-control-flow.svg" alt="Diagram of the ThumbGate legal intake pre-action control flow">
+      <h2>What the demo should show</h2>
+      <div class="flow-step">
+        <span class="num">1</span>
+        <div>
+          <h3>Prospect asks a risky intake question</h3>
+          <p>"Can I sue my former employer in Florida if they changed my commission plan?"</p>
+        </div>
+      </div>
+      <div class="flow-step blocked">
+        <span class="num">2</span>
+        <div>
+          <h3>Advice-shaped response is stopped</h3>
+          <p>Legal conclusion plus jurisdictional recommendation is routed to attorney review before delivery.</p>
+        </div>
+      </div>
+      <div class="flow-step cleared">
+        <span class="num">3</span>
+        <div>
+          <h3>Safe handoff is allowed</h3>
+          <p>The agent collects neutral routing details and schedules review without creating reliance.</p>
+        </div>
+      </div>
+      <div class="flow-step">
+        <span class="num">4</span>
+        <div>
+          <h3>Audit event is exportable</h3>
+          <p>Rule version, source policy, proposed action, outcome, reviewer, and timestamp are preserved.</p>
+        </div>
+      </div>
+    </aside>
+  </header>
+
+  <main>
+    <section>
+      <h2>Why this is credible now.</h2>
+      <p class="section-lead">The market is not waiting for perfect AI. Large firms are adopting legal AI while ethics, security, and innovation teams are still formalizing the controls around it. ThumbGate fits that gap: it is not another research assistant; it is a control point around the assistants and agents a firm already wants to evaluate. Governance has to live outside the model's context window. If the agent can reason around the rule, it is not really a rule.</p>
+      <div class="grid">
+        <div class="card">
+          <span class="tag blue">Governance</span>
+          <h3>ABA Formal Opinion 512 maps cleanly to controls</h3>
+          <p>Competence, confidentiality, supervision, verification, communication, and reasonable fees become concrete checks and review records.</p>
+        </div>
+        <div class="card">
+          <span class="tag amber">Adoption</span>
+          <h3>AI is entering normal workflows</h3>
+          <p>The practical buyer question is no longer "will lawyers use AI?" It is "which actions can an agent take without review?"</p>
+        </div>
+        <div class="card">
+          <span class="tag green">Positioning</span>
+          <h3>Vendor-neutral by design</h3>
+          <p>The pilot can sit around internal tools, Azure OpenAI, Claude, Gemini, document systems, or purpose-built legal AI products.</p>
+        </div>
+      </div>
+    </section>
+
+    <section>
+      <h2>The pilot is an AI-SDLC control layer, not a chatbot demo.</h2>
+      <p class="section-lead">The strongest buyer framing is simple: the firm may already have agents, copilots, research tools, and intake experiments. What it still needs is the system around those agents: triggers, isolated runs, approved context, visibility, and controls that live outside the model prompt.</p>
+      <div class="grid">
+        <div class="card">
+          <span class="tag blue">Trigger</span>
+          <h3>Define what starts legal AI work</h3>
+          <p>A pilot run should begin from a scoped intake event, not an open-ended prompt. The event carries practice area, jurisdiction, allowed tools, reviewer role, and done criteria.</p>
+        </div>
+        <div class="card">
+          <span class="tag amber">Context</span>
+          <h3>Load only approved firm ground truth</h3>
+          <p>Disclaimers, adverse-party fixtures, model allowlists, routing policy, and supervision rules should be versioned inputs, not improvised chat context.</p>
+        </div>
+        <div class="card">
+          <span class="tag green">Controls</span>
+          <h3>Block before the action happens</h3>
+          <p>Pre-action gates stop advice-shaped replies, conflict-precheck bypass, and confidential egress before the agent sends, fetches, schedules, or calls out.</p>
+        </div>
+      </div>
+      <div class="callout" style="margin-top:1rem;">
+        <p><strong>Executive takeaway:</strong> ThumbGate does not ask a law firm to trust a bigger prompt. It gives risk, innovation, and security teams a reviewable control point between the agent and the next privileged action.</p>
+        <p><a href="/learn/background-agent-control-layer">Read the background-agent control-layer brief &rarr;</a></p>
+      </div>
+    </section>
+
+    <section>
+      <h2>Yes, the pilot can start with preloaded ground truth.</h2>
+      <p class="section-lead">The first pilot should not ask the model to discover the firm's risk posture. ThumbGate should load the approved rule pack before the first intake simulation, then prove that the agent is physically stopped when a proposed action violates that pack.</p>
+      <div class="grid">
+        <div class="card">
+          <span class="tag green">Inputs</span>
+          <h3>Firm-approved source material</h3>
+          <p>Disclaimers, intake scripts, escalation rules, practice-area boundaries, jurisdiction notes, model endpoint policy, retention rules, and reviewer roles.</p>
+        </div>
+        <div class="card">
+          <span class="tag amber">Fixtures</span>
+          <h3>Adverse-party and matter examples</h3>
+          <p>A synthetic adverse-party list and red-team intake transcripts let the demo show conflict stops without exposing privileged or client data.</p>
+        </div>
+        <div class="card">
+          <span class="tag blue">Outputs</span>
+          <h3>Deterministic control evidence</h3>
+          <p>Each demo decision shows the matched rule, proposed action, allowed or blocked outcome, reviewer path, timestamp, and exportable audit record.</p>
+        </div>
+      </div>
+    </section>
+
+    <section>
+      <h2>Three failure modes the pilot should control.</h2>
+      <div class="grid">
+        <div class="card">
+          <span class="tag red">UPL</span>
+          <h3>Unauthorized-practice risk</h3>
+          <p>Block outcome predictions, jurisdictional recommendations, and advice-shaped responses from non-attorney intake agents. Allow neutral collection and attorney handoff.</p>
+        </div>
+        <div class="card">
+          <span class="tag amber">Conflicts</span>
+          <h3>Conflict preconditions</h3>
+          <p>Require configured adverse-party clearance before the agent continues intake or requests sensitive matter facts.</p>
+        </div>
+        <div class="card">
+          <span class="tag blue">Privilege</span>
+          <h3>Confidentiality and egress</h3>
+          <p>Block or reroute outbound calls that include privileged markers, matter identifiers, or firm-classified confidential content.</p>
+        </div>
+      </div>
+    </section>
+
+    <section id="demo">
+      <h2>25-minute walkthrough agenda.</h2>
+      <p class="section-lead">The call should be visual. The goal is not to prove every enterprise feature. It is to show a repeatable mechanism the innovation team can explain internally.</p>
+      <div class="two grid">
+        <div class="card">
+          <h3>Show these assets</h3>
+          <ul>
+            <li>One unsafe intake transcript and blocked response.</li>
+            <li>One conflict-precheck stop before sensitive facts are collected.</li>
+            <li>One egress block or safe in-tenant reroute.</li>
+            <li>One audit export with rule version, source, outcome, and reviewer.</li>
+          </ul>
+        </div>
+        <div class="card">
+          <h3>Skip these on the first call</h3>
+          <ul>
+            <li>Broad platform tour.</li>
+            <li>Pricing page or checkout flow.</li>
+            <li>Unverified sanctions statistics.</li>
+            <li>Claims about SOC 2, BAA, carrier discounts, or guaranteed malpractice prevention.</li>
+          </ul>
+        </div>
+      </div>
+      <div class="two grid" style="margin-top:1rem;">
+        <div class="card">
+          <h3>Suggested agenda</h3>
+          <ul>
+            <li>3 minutes: confirm the target workflow and risk owners.</li>
+            <li>7 minutes: show blocked unauthorized-advice and conflict examples.</li>
+            <li>7 minutes: show preloaded ground truth and audit evidence.</li>
+            <li>5 minutes: discuss deployment boundary, data handling, and reviewer roles.</li>
+            <li>3 minutes: agree on pilot inputs and next step.</li>
+          </ul>
+        </div>
+        <div class="card">
+          <h3>Recommended ask</h3>
+          <p>Ask for one practice-area workflow, one approved disclaimer, one synthetic adverse-party fixture, one security contact, and permission to build a no-client-data pilot pack.</p>
+        </div>
+      </div>
+    </section>
+
+    <section>
+      <h2>Procurement questions to answer early.</h2>
+      <table class="matrix">
+        <thead>
+          <tr><th>Buyer question</th><th>Pilot answer</th><th>Evidence to bring</th></tr>
+        </thead>
+        <tbody>
+          <tr><td>Will our data train models?</td><td>The pilot can run inside the firm's boundary. Hosted services should receive only counters and rule metadata unless explicitly approved.</td><td>Data-flow diagram, retention note, subprocessor list.</td></tr>
+          <tr><td>Who can see privileged data?</td><td>Default pilot design keeps privileged payloads in the firm's environment, with access governed by their controls.</td><td>Architecture note and access-control assumptions.</td></tr>
+          <tr><td>Can we reproduce a decision later?</td><td>Each event should preserve the rule version, source policy, proposed action, decision, reviewer, and timestamp.</td><td>Sample audit export.</td></tr>
+          <tr><td>How do we tune false positives?</td><td>Use hard block, review queue, warning, and allow modes. Promote rules only after test examples and attorney approval.</td><td>Rule lifecycle and override examples.</td></tr>
+        </tbody>
+      </table>
+    </section>
+
+    <section>
+      <div class="callout">
+        <h2>Recommended 30-day pilot.</h2>
+        <p>Start narrow: one intake channel, one practice-area workflow, one adverse-party fixture, one approved-model routing policy, and one audit export format.</p>
+        <p>Deliverables: preloaded rule pack, demo agent, screenshot set, 60-second walkthrough clip, security data-flow note, pilot metrics, and a go/no-go rollout recommendation.</p>
+        <p style="margin:1.2rem 0 0.6rem;color:var(--amber);font-size:1.1rem;font-weight:700;">Pilot setup fee: $2,500 &ndash; $7,500 flat (scope-dependent). No per-seat or per-query billing during the pilot.</p>
+        <div style="display:flex;gap:1rem;flex-wrap:wrap;margin-top:1rem;">
+          <a class="cta" href="mailto:iganapolsky@gmail.com?subject=ThumbGate%2025-minute%20legal%20AI%20pilot%20walkthrough&amp;body=Hi%20Igor%2C%0A%0AWe%27d%20like%20to%20review%20the%2025-minute%20ThumbGate%20legal%20AI%20intake%20pilot.%20Please%20send%20the%20meeting%20invite%20and%20demo%20materials.%0A%0ABest%2C">Book a 25-minute pilot walkthrough</a>
+          <a class="ghost" href="/dashboard">View the live dashboard demo</a>
+        </div>
+      </div>
+    </section>
+
+    <section id="live-gate-demos">
+      <h2>Live gate demos &mdash; try them yourself</h2>
+      <div style="border-left: 3px solid var(--cyan); background: rgba(34, 211, 238, 0.06); padding: 0.85rem 1.1rem; margin: 0 0 1.5rem; border-radius: 0 6px 6px 0;">
+        <strong style="color: var(--cyan)">Monitor vs enforce.</strong> <span style="color: var(--text)">Agent observability tools log what your agent <em>did</em>. ThumbGate gates what your agent is <em>about to do</em> &mdash; runtime block before execution, not retrospective alert after the harm. SIEM ingestion is the audit trail. The PreToolUse hook is the prevention.</span>
+      </div>
+      <p style="color:var(--muted); margin-bottom:1.5rem">These simulators use the exact same deterministic PreToolUse logic that runs in production. No LLM calls on the enforcement path &mdash; just fast, auditable pattern matching.</p>
+
+      <!-- UPL Gate Simulator -->
+      <div class="card" style="margin-bottom:2rem">
+        <h3 style="color:var(--cyan); margin-bottom:0.75rem">1. UPL Gate &mdash; advice-shaped output detector</h3>
+        <p style="font-size:0.95rem; color:var(--muted)">Type what a client might ask an intake bot. The gate detects predictions, recommendations, or jurisdictional legal analysis from a non-attorney source and blocks delivery.</p>
+        <textarea id="upl-input" placeholder="E.g. 'Based on the facts you described, you likely have a strong claim for breach of contract and could recover significant damages.'" style="width:100%; height:90px; background:#0f0f11; color:var(--text); border:1px solid var(--line); border-radius:8px; padding:0.75rem; font-size:0.95rem; resize:vertical; margin:0.75rem 0"></textarea>
+        <button onclick="runUPLDemo()" class="cta" style="padding:0.6rem 1.1rem; font-size:0.9rem">Run through UPL Gate</button>
+        <div id="upl-result" class="demo-result" style="display:none"></div>
+      </div>
+
+      <!-- Conflict Check Simulator -->
+      <div class="card" style="margin-bottom:2rem">
+        <h3 style="color:var(--cyan); margin-bottom:0.75rem">2. Conflict Gate &mdash; adverse party clearance</h3>
+        <p style="font-size:0.95rem; color:var(--muted)">Enter a prospective client or party name. The gate checks against a sample adverse-parties list (real firms maintain much larger lists).</p>
+        <div style="display:flex; gap:0.75rem; align-items:flex-end; margin:0.75rem 0; flex-wrap:wrap">
+          <div style="flex:1; min-width:240px">
+            <label style="font-size:0.8rem; color:var(--muted); display:block; margin-bottom:0.25rem">Party / Company Name</label>
+            <input id="conflict-input" type="text" placeholder="Latam Real Capital" value="Latam Real Capital S.A." style="width:100%; background:#0f0f11; color:var(--text); border:1px solid var(--line); border-radius:8px; padding:0.6rem; font-size:0.95rem">
+          </div>
+          <button onclick="runConflictDemo()" class="cta" style="padding:0.6rem 1.1rem; font-size:0.9rem; white-space:nowrap">Check Against Adverse List</button>
+        </div>
+        <div style="font-size:0.8rem; color:var(--muted); margin-bottom:0.5rem">Sample adverse list (synthetic, illustrative): Latam Real Capital S.A. (real estate #M-2847), Hospitalia Holdings (hospitality M&amp;A #M-2911), NovaIA Latam (AI venture #M-2755)</div>
+        <div id="conflict-result" class="demo-result" style="display:none"></div>
+      </div>
+
+      <!-- Privilege Egress Simulator -->
+      <div class="card">
+        <h3 style="color:var(--cyan); margin-bottom:0.75rem">3. Egress Gate &mdash; privilege marker detector</h3>
+        <p style="font-size:0.95rem; color:var(--muted)">Paste content an agent might try to send to an external LLM (e.g. deposition summary request). The gate blocks if it detects privilege markers.</p>
+        <textarea id="privilege-input" placeholder="Please summarize this deposition transcript. [Attorney Work Product - Matter M-2847 - Confidential]" style="width:100%; height:90px; background:#0f0f11; color:var(--text); border:1px solid var(--line); border-radius:8px; padding:0.75rem; font-size:0.95rem; resize:vertical; margin:0.75rem 0"></textarea>
+        <button onclick="runPrivilegeDemo()" class="cta" style="padding:0.6rem 1.1rem; font-size:0.9rem">Attempt External LLM Call</button>
+        <div id="privilege-result" class="demo-result" style="display:none"></div>
+      </div>
+
+      <script>
+        function escapeHtml(s) {
+          return String(s).replace(/[&<>"']/g, function(c) {
+            return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c];
+          });
+        }
+        // Produces the same JSON shape a production ThumbGate gate would stream to the firm's SIEM.
+        // Includes ISO 27001 control mapping so procurement can map evidence to controls without translation.
+        window.__thumbgateBuildAudit = function(args) {
+          return {
+            audit_id: args.audit_id,
+            timestamp_iso: args.timestamp_iso,
+            rule: { id: args.rule_id, version: args.rule_version, matched: args.matched },
+            blocked_call: {
+              agent: args.agent,
+              input_excerpt: String(args.input || '').slice(0, 280),
+              matter_context: args.matter_context
+            },
+            action: args.action,
+            reviewer: null,
+            iso_27001_controls: args.iso_controls,
+            generated_by: 'ThumbGate PreToolUse Gate (sample export — production version streams to your SIEM)',
+            sample_disclaimer: 'Synthetic audit record for evaluation. No real client data referenced.'
+          };
+        };
+        window.__thumbgateDownloadAudit = function(payload, filename) {
+          try {
+            var json = JSON.stringify(payload, null, 2);
+            var blob = new Blob([json], { type: 'application/json' });
+            var url = URL.createObjectURL(blob);
+            var a = document.createElement('a');
+            a.href = url; a.download = filename;
+            document.body.appendChild(a); a.click();
+            document.body.removeChild(a);
+            setTimeout(function() { URL.revokeObjectURL(url); }, 10000);
+          } catch (e) { console.error('audit download failed', e); }
+        };
+        window.__thumbgateAuditRegistry = {};
+        window.__thumbgateAuditByKey = function(key) {
+          var entry = window.__thumbgateAuditRegistry[key];
+          if (!entry) return;
+          window.__thumbgateDownloadAudit(entry.payload, entry.filename);
+        };
+        window.__thumbgateAuditButton = function(key, payload, filename) {
+          window.__thumbgateAuditRegistry[key] = { payload: payload, filename: filename };
+          return '<button class="cta" style="margin-top:0.5rem; padding:0.45rem 0.9rem; font-size:0.82rem; background:transparent; color:var(--cyan); border:1px solid var(--cyan)" ' +
+            'onclick="__thumbgateAuditByKey(\'' + key + '\')">' +
+            'Download audit JSON (sample) &darr;</button>';
+        };
+        function runUPLDemo() {
+          var input = document.getElementById('upl-input').value.trim();
+          var resultDiv = document.getElementById('upl-result');
+          if (!input) { resultDiv.style.display = 'none'; return; }
+          var advicePatterns = ['you have a strong case', 'likely to win', 'you should', 'recommend that you', 'based on the facts you described', 'in my opinion', 'the best course is', 'you are entitled to'];
+          var lower = input.toLowerCase();
+          var blocked = false;
+          var reason = '';
+          for (var i = 0; i < advicePatterns.length; i++) {
+            if (lower.indexOf(advicePatterns[i]) !== -1) { blocked = true; reason = advicePatterns[i]; break; }
+          }
+          if (blocked) {
+            var uplPayload = __thumbgateBuildAudit({
+              audit_id: 'UPL-2847-20260526-091204',
+              timestamp_iso: '2026-05-26T09:12:04Z',
+              rule_id: 'UPL_RULE_05.5_ADVICE_SHAPE',
+              rule_version: '3.2',
+              matched: 'advice-shaped output from non-attorney source ("' + reason + '")',
+              agent: 'website-intake-bot-v2',
+              input: input,
+              matter_context: 'New client intake (web)',
+              action: 'REPLACE + LOG + NOTIFY_ATTORNEY',
+              iso_controls: ['A.5.34 (Privacy & PII protection)', 'A.5.24 (Information security incident management)']
+            });
+            resultDiv.innerHTML =
+              '<div class="demo-blocked">' +
+              '<strong style="color:#f87171">BLOCKED &mdash; UPL Gate fired</strong><br>' +
+              'Detected advice-shaped pattern: "' + escapeHtml(reason) + '"<br><br>' +
+              '<strong>Corrective action taken:</strong><br>' +
+              'Response replaced with: <em>"That\'s a legal question best answered by a licensed attorney. I can schedule a 30-minute consultation with one of our [practice area] attorneys &mdash; would [time] work for you?"</em><br><br>' +
+              '<div class="audit-log">[2026-05-26 09:12:04] PreToolUse gate: UPL_RULE_05.5_ADVICE_SHAPE v3.2\nRule matched: advice-shaped output from non-attorney source\nAction: REPLACE + LOG + NOTIFY_ATTORNEY\nAudit ID: UPL-2847-20260526-091204\nMatter context: New client intake (web)\nAgent: website-intake-bot-v2</div>' +
+              __thumbgateAuditButton('upl', uplPayload, 'ThumbGate-Audit-UPL-2847-2026-05-26.json') +
+              '</div>';
+          } else {
+            resultDiv.innerHTML =
+              '<div class="demo-cleared">' +
+              '<strong style="color:#34d399">CLEARED &mdash; no UPL pattern detected</strong><br>' +
+              'Response would be delivered as-is. (In production this would still be logged for training.)' +
+              '</div>';
+          }
+          resultDiv.style.display = 'block';
+        }
+
+        function runConflictDemo() {
+          var party = document.getElementById('conflict-input').value.trim().toLowerCase();
+          var resultDiv = document.getElementById('conflict-result');
+          if (!party) { resultDiv.style.display = 'none'; return; }
+          var adverseList = ['latam real capital', 'latam real', 'hospitalia holdings', 'hospitalia', 'novaia latam', 'novaia'];
+          var isAdverse = adverseList.some(function(a) { return party.indexOf(a) !== -1; });
+          if (isAdverse) {
+            var conflictPayload = __thumbgateBuildAudit({
+              audit_id: 'CONF-2911-20260526-091204',
+              timestamp_iso: '2026-05-26T09:12:04Z',
+              rule_id: 'CONFLICT_RULE_1.7_ADVERSE',
+              rule_version: '4.1',
+              matched: 'adverse-parties list match for "' + party + '"',
+              agent: 'doc-fetch-agent-v1',
+              input: party,
+              matter_context: 'New M&A intake — preliminary conflict check',
+              action: 'BLOCK + REDIRECT + LOG',
+              iso_controls: ['A.5.10 (Acceptable use of information)', 'A.5.24 (Information security incident management)', 'A.8.10 (Information deletion)']
+            });
+            resultDiv.innerHTML =
+              '<div class="demo-blocked">' +
+              '<strong style="color:#f87171">BLOCKED &mdash; Conflict Gate fired</strong><br>' +
+              '"' + escapeHtml(party) + '" matches adverse party in existing matter.<br><br>' +
+              '<strong>Corrective action:</strong> Fetch blocked. Agent redirected to: <em>"This party appears as adverse in matter M-2847. Contact ethics screen lead before proceeding."</em><br><br>' +
+              '<div class="audit-log">[2026-05-26 09:12:04] PreToolUse gate: CONFLICT_RULE_1.7_ADVERSE v4.1\nMatched: adverse-parties list\nAction: BLOCK + REDIRECT + LOG\nAudit ID: CONF-2911-20260526-091204\nRequesting matter: New M&amp;A intake\nAgent: doc-fetch-agent-v1</div>' +
+              __thumbgateAuditButton('conflict', conflictPayload, 'ThumbGate-Audit-CONF-2911-2026-05-26.json') +
+              '</div>';
+          } else {
+            resultDiv.innerHTML =
+              '<div class="demo-cleared">' +
+              '<strong style="color:#34d399">CLEARED &mdash; no conflict found</strong><br>' +
+              'Positive clearance recorded. Agent may proceed with intake.<br><br>' +
+              '<div class="audit-log">[2026-05-26 09:12:04] PreToolUse gate: CONFLICT_RULE_1.7_ADVERSE v4.1\nResult: CLEAR (no match in adverse list)\nAction: ALLOW + LOG\nAudit ID: CONF-2912-20260526-091204</div>' +
+              '</div>';
+          }
+          resultDiv.style.display = 'block';
+        }
+
+        function runPrivilegeDemo() {
+          var input = document.getElementById('privilege-input').value.trim();
+          var resultDiv = document.getElementById('privilege-result');
+          if (!input) { resultDiv.style.display = 'none'; return; }
+          var privMarkers = ['attorney work product', 'privileged', 'confidential - attorney client', 'matter m-', 'm-2847', 'm-2911'];
+          var lower = input.toLowerCase();
+          var blocked = false;
+          var marker = '';
+          for (var i = 0; i < privMarkers.length; i++) {
+            if (lower.indexOf(privMarkers[i]) !== -1) { blocked = true; marker = privMarkers[i]; break; }
+          }
+          if (blocked) {
+            var privilegePayload = __thumbgateBuildAudit({
+              audit_id: 'PRIV-2755-20260526-091204',
+              timestamp_iso: '2026-05-26T09:12:04Z',
+              rule_id: 'EGRESS_RULE_1.6_PRIVILEGE',
+              rule_version: '2.8',
+              matched: 'privilege marker in outbound payload ("' + marker + '")',
+              agent: 'brief-assistant-v3',
+              input: input,
+              matter_context: 'Outbound LLM call from attorney workspace',
+              action: 'BLOCK + REDIRECT_TO_TENANT_LLM + LOG',
+              iso_controls: ['A.5.34 (Privacy & PII protection)', 'A.5.14 (Information transfer)', 'A.8.24 (Use of cryptography)']
+            });
+            resultDiv.innerHTML =
+              '<div class="demo-blocked">' +
+              '<strong style="color:#f87171">BLOCKED &mdash; Egress Gate fired</strong><br>' +
+              'Detected privilege marker: "' + escapeHtml(marker) + '"<br><br>' +
+              '<strong>Corrective action:</strong> Outbound call to external LLM blocked. Redirected to in-tenant Azure OpenAI (BAA-protected) or internal summarizer.<br><br>' +
+              '<div class="audit-log">[2026-05-26 09:12:04] PreToolUse gate: EGRESS_RULE_1.6_PRIVILEGE v2.8\nRule matched: privilege marker in outbound payload\nAction: BLOCK + REDIRECT_TO_TENANT_LLM + LOG\nAudit ID: PRIV-2755-20260526-091204\nContent hash: sha256:7f3a... (truncated)\nAgent: brief-assistant-v3</div>' +
+              __thumbgateAuditButton('privilege', privilegePayload, 'ThumbGate-Audit-PRIV-2755-2026-05-26.json') +
+              '</div>';
+          } else {
+            resultDiv.innerHTML =
+              '<div class="demo-cleared">' +
+              '<strong style="color:#34d399">CLEARED &mdash; no privilege markers detected</strong><br>' +
+              'Content would be sent to external LLM (in production this would still trigger logging + optional human review flag).' +
+              '</div>';
+          }
+          resultDiv.style.display = 'block';
+        }
+
+        // Keyboard support: Enter submits, Shift+Enter inserts newline
+        var uplEl = document.getElementById('upl-input');
+        if (uplEl) uplEl.addEventListener('keydown', function(e) {
+          if (e.key === 'Enter' && !e.shiftKey) { e.preventDefault(); runUPLDemo(); }
+        });
+        var privEl = document.getElementById('privilege-input');
+        if (privEl) privEl.addEventListener('keydown', function(e) {
+          if (e.key === 'Enter' && !e.shiftKey) { e.preventDefault(); runPrivilegeDemo(); }
+        });
+      </script>
+    </section>
+  </main>
+
+  <footer class="footer">
+    <p>ThumbGate is a software control layer, not legal advice. This page is intended for pilot scoping with law-firm innovation, technology, risk, and pricing teams. Final policy choices should be reviewed by the firm's attorneys and security team.</p>
+  </footer>
 </div>
 </body>
 </html>