thumbgate 1.23.1 → 1.25.0

package/public/ai-malpractice-prevention.html

@@ -9,8 +9,8 @@
 <meta property="og:title" content="Pre-Execution Controls for Legal AI Agents">
 <meta property="og:description" content="ThumbGate preloads firm-approved ground truth, checks legal AI actions before execution, and records audit evidence for law-firm innovation, risk, and pricing teams.">
 <meta property="og:type" content="article">
-<meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
-<link rel="canonical" href="https://thumbgate-production.up.railway.app/ai-malpractice-prevention">
+<meta property="og:image" content="https://thumbgate.ai/og.png">
+<link rel="canonical" href="https://thumbgate.ai/ai-malpractice-prevention">
 <script type="application/ld+json">
 {
   "@context": "https://schema.org",
@@ -20,7 +20,7 @@
   "datePublished": "2026-05-21",
   "dateModified": "2026-05-25",
   "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
-  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate-production.up.railway.app" },
+  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
   "about": [
     { "@type": "Thing", "name": "Legal AI Governance" },
     { "@type": "Thing", "name": "Unauthorized Practice of Law" },
@@ -280,13 +280,16 @@
     .matrix td:nth-child(2)::before { content: "Pilot answer"; }
     .matrix td:nth-child(3)::before { content: "Evidence to bring"; }
   }
+  .demo-result { margin-top:1rem; padding:1rem; border-radius:8px; font-size:0.95rem; }
+  .demo-blocked { background:rgba(248,113,113,0.1); border:1px solid var(--red); }
+  .demo-cleared { background:rgba(52,211,153,0.1); border:1px solid var(--green); }
+  .audit-log { font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size:0.85rem; background:#0f0f11; padding:0.75rem; border-radius:6px; margin-top:0.75rem; white-space:pre-wrap; color:var(--soft); }
 </style>
 </head>
 <body>
 <nav>
-  <a href="/" class="brand">ThumbGate</a>
+  <a href="/ai-malpractice-prevention" class="brand">ThumbGate</a>
   <a href="/agent-manager">Agent Manager</a>
-  <a href="/codex-enterprise">Codex Enterprise</a>
   <a href="/agents-cost-savings">FinOps for Agents</a>
   <a href="/dashboard">Dashboard demo</a>
   <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
@@ -295,13 +298,38 @@
 <div class="wrap">
   <header class="hero">
     <div>
+      <div style="display: inline-block; border-left: 3px solid #fbbf24; background: rgba(251, 191, 36, 0.08); padding: 0.7rem 1rem; margin-bottom: 1.25rem; border-radius: 0 6px 6px 0; max-width: 760px;">
+        <strong style="color: #fbbf24; font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.08em; display: block; margin-bottom: 0.25rem;">Why this matters now &mdash; 2026</strong>
+        <span style="color: var(--text); font-size: 0.95rem; line-height: 1.55;">Sullivan &amp; Cromwell apologized to a federal judge for AI-hallucinated citations &mdash; despite policies, mandatory training, and verification requirements. Gordon Rees did the same on a bankruptcy filing. The <a href="https://www.damiencharlotin.com/hallucinations/" target="_blank" rel="noopener" style="color: #fbbf24">public hallucination-cases database</a> now catalogs <strong>1,369+ rulings</strong>. The firms with policies still got sanctioned. <em>Policies are not enforcement.</em> A runtime gate is.</span>
+      </div>
       <span class="eyebrow">Pre-read for law-firm AI governance pilots</span>
       <h1>Pre-execution controls for legal AI agents.</h1>
       <p class="lead">Block unauthorized advice, conflict-check failures, privilege leaks, and unapproved model calls before an intake agent replies, fetches records, schedules a meeting, or sends data outside the firm's approved boundary.</p>
+      <p style="color: var(--soft); font-size: 0.98rem; max-width: 760px; margin: 0 0 1.1rem; padding: 0.7rem 1rem; border-left: 3px solid var(--green); background: rgba(114, 227, 165, 0.06); border-radius: 0 6px 6px 0;">
+        <strong style="color: var(--green)">Predictability you can put in front of a client.</strong>
+        Pre-execution controls aren't just defensive &mdash; they make agentic-AI deployment <em>predictable enough to sell</em>. Innovation teams at law firms have always had to choose between speed and certainty. The runtime gate lets you have both: the agent moves at machine speed, the gate enforces firm-specific policy deterministically, and every decision ships an audit log your pricing partners can underwrite. <strong style="color: var(--soft)">Predictability. Insights. Value.</strong> The three things your innovation team already promises clients &mdash; extended to the agentic surface.
+      </p>
+      <p style="color: var(--soft); font-size: 0.95rem; max-width: 760px; margin: 0 0 1rem; padding: 0.55rem 0.85rem; border-left: 3px solid var(--cyan); background: rgba(45, 212, 191, 0.05); border-radius: 0 6px 6px 0;">
+        <strong style="color: var(--cyan)">The gate learns from your attorneys.</strong>
+        Every 👍 / 👎 an attorney logs on an AI answer becomes a lesson in your firm's local DB. Recurring patterns promote to deterministic rules. The next time a similar action is proposed, the rule fires before any human is asked to approve.
+        <a href="/learn/feedback-loop-vs-decision-layer" style="color: var(--cyan); white-space: nowrap;">How the feedback loop works &rarr;</a>
+      </p>
+      <p style="color: var(--soft); font-size: 0.95rem; max-width: 760px; margin: 0 0 1.1rem; padding: 0.7rem 1rem; border-left: 3px solid #a78bfa; background: rgba(167, 139, 250, 0.06); border-radius: 0 6px 6px 0;">
+        <strong style="color: #a78bfa">No public-facing chatbot? You still have the risk surface.</strong>
+        Most BigLaw firms don't take client intake through a chatbot &mdash; but their associates already paste matter context into Claude, Cursor, Codex, and internal LLM gateways every day. The risk isn't a bot giving public advice; it's <em>internal</em> agent use the firm can't see. ThumbGate sits between each agent and its next action, captures attorney 👍/👎 on every output, and produces a <strong style="color: var(--soft)">searchable audit log + RAG of every gated detection</strong> &mdash; queryable by ethics, risk, and innovation owners. Your conflicts DB and document systems stay where they are; we instrument what the agents inside the firm are about to do.
+      </p>
+      <p style="color: var(--soft); font-size: 0.95rem; max-width: 760px; margin: 0 0 1.1rem; padding: 0.7rem 1rem; border-left: 3px solid #f59e0b; background: rgba(245, 158, 11, 0.06); border-radius: 0 6px 6px 0;">
+        <strong style="color: #f59e0b">Already piloting an AI case tool? It makes agents capable &mdash; ThumbGate makes them auditable.</strong>
+        Litigation &amp; arbitration teams and in-house counsel are adopting AI case-intelligence and drafting copilots that touch privileged correspondence, pleadings, and matter files. Those tools make the agent <em>capable</em>; they don't give risk, ethics, and innovation owners a control point or a defensible record of what the agent was about to do. ThumbGate is the governance layer <em>around</em> them &mdash; a deterministic gate on the next action, attorney 👍/👎 promoted to firm rules, and an exportable audit trail &mdash; the evidence procurement (and your professional-liability review) actually ask for before agents run on multi-million-dollar matters.
+      </p>
       <div class="hero-actions">
         <a class="cta" href="mailto:iganapolsky@gmail.com?subject=ThumbGate%2025-minute%20legal%20AI%20pilot%20walkthrough&amp;body=Hi%20Igor%2C%0A%0AWe%27d%20like%20to%20review%20the%2025-minute%20ThumbGate%20legal%20AI%20intake%20pilot.%20Please%20send%20the%20meeting%20invite%20and%20demo%20materials.%0A%0ABest%2C">Book a 25-minute pilot walkthrough</a>
+        <a class="ghost" href="#live-gate-demos">Try the live gates &rarr;</a>
         <a class="ghost" href="#demo">View the 25-minute demo plan</a>
       </div>
+      <p style="font-size: 0.85rem; color: var(--muted); margin: -0.5rem 0 1.2rem; max-width: 760px;">
+        Button not opening your mail client? <button type="button" onclick="__thumbgateCopyPilotEmail(this)" style="padding:0.35rem 0.7rem; font-size:0.85rem; background:transparent; color:var(--cyan); border:1px solid var(--cyan); border-radius:5px; cursor:pointer; vertical-align: baseline;">Copy the email instead</button> or write to <span style="color: var(--text); user-select: all; font-family: ui-monospace, SFMono-Regular, Menlo, monospace;">iganapolsky@gmail.com</span> directly.
+      </p>
       <div class="proof-row" aria-label="Key proof points">
         <div class="proof"><strong>Preloaded controls</strong><span>Firm policy, approved disclaimers, adverse-party lists, routing rules, and model endpoint allowlists.</span></div>
         <div class="proof"><strong>Pre-action checks</strong><span>Controls run before the agent replies, fetches records, schedules intake, or calls an external model.</span></div>
@@ -352,7 +380,7 @@
   <main>
     <section>
       <h2>Why this is credible now.</h2>
-      <p class="section-lead">The market is not waiting for perfect AI. Large firms are adopting legal AI while ethics, security, and innovation teams are still formalizing the controls around it. ThumbGate fits that gap: it is not another research assistant; it is a control point around the assistants and agents a firm already wants to evaluate.</p>
+      <p class="section-lead">The market is not waiting for perfect AI. Large firms are adopting legal AI while ethics, security, and innovation teams are still formalizing the controls around it. ThumbGate fits that gap: it is not another research assistant; it is a control point around the assistants and agents a firm already wants to evaluate. Governance has to live outside the model's context window. If the agent can reason around the rule, it is not really a rule.</p>
       <div class="grid">
         <div class="card">
           <span class="tag blue">Governance</span>
@@ -372,6 +400,32 @@
       </div>
     </section>
 
+    <section>
+      <h2>The pilot is an AI-SDLC control layer, not a chatbot demo.</h2>
+      <p class="section-lead">The strongest buyer framing is simple: the firm may already have agents, copilots, research tools, and intake experiments. What it still needs is the system around those agents: triggers, isolated runs, approved context, visibility, and controls that live outside the model prompt.</p>
+      <div class="grid">
+        <div class="card">
+          <span class="tag blue">Trigger</span>
+          <h3>Define what starts legal AI work</h3>
+          <p>A pilot run should begin from a scoped intake event, not an open-ended prompt. The event carries practice area, jurisdiction, allowed tools, reviewer role, and done criteria.</p>
+        </div>
+        <div class="card">
+          <span class="tag amber">Context</span>
+          <h3>Load only approved firm ground truth</h3>
+          <p>Disclaimers, adverse-party fixtures, model allowlists, routing policy, and supervision rules should be versioned inputs, not improvised chat context.</p>
+        </div>
+        <div class="card">
+          <span class="tag green">Controls</span>
+          <h3>Block before the action happens</h3>
+          <p>Pre-action gates stop advice-shaped replies, conflict-precheck bypass, and confidential egress before the agent sends, fetches, schedules, or calls out.</p>
+        </div>
+      </div>
+      <div class="callout" style="margin-top:1rem;">
+        <p><strong>Executive takeaway:</strong> ThumbGate does not ask a law firm to trust a bigger prompt. It gives risk, innovation, and security teams a reviewable control point between the agent and the next privileged action.</p>
+        <p><a href="/learn/background-agent-control-layer">Read the background-agent control-layer brief &rarr;</a></p>
+      </div>
+    </section>
+
     <section>
       <h2>Yes, the pilot can start with preloaded ground truth.</h2>
       <p class="section-lead">The first pilot should not ask the model to discover the firm's risk posture. ThumbGate should load the approved rule pack before the first intake simulation, then prove that the agent is physically stopped when a proposed action violates that pack.</p>
@@ -476,8 +530,282 @@
         <h2>Recommended 30-day pilot.</h2>
         <p>Start narrow: one intake channel, one practice-area workflow, one adverse-party fixture, one approved-model routing policy, and one audit export format.</p>
         <p>Deliverables: preloaded rule pack, demo agent, screenshot set, 60-second walkthrough clip, security data-flow note, pilot metrics, and a go/no-go rollout recommendation.</p>
-        <p><a class="cta" href="mailto:iganapolsky@gmail.com?subject=ThumbGate%2025-minute%20legal%20AI%20pilot%20walkthrough&amp;body=Hi%20Igor%2C%0A%0AWe%27d%20like%20to%20review%20the%2025-minute%20ThumbGate%20legal%20AI%20intake%20pilot.%20Please%20send%20the%20meeting%20invite%20and%20demo%20materials.%0A%0ABest%2C">Book a 25-minute pilot walkthrough</a></p>
+        <p style="margin:1.2rem 0 0.6rem;color:var(--amber);font-size:1.1rem;font-weight:700;">Pilot setup fee: $2,500 &ndash; $7,500 flat (scope-dependent). No per-seat or per-query billing during the pilot.</p>
+        <div style="display:grid;grid-template-columns:repeat(auto-fit,minmax(220px,1fr));gap:0.75rem;margin:1.4rem 0 1rem;">
+          <div style="background:rgba(114,227,165,0.06);border-left:3px solid var(--green);padding:0.7rem 0.9rem;border-radius:0 6px 6px 0">
+            <strong style="color:var(--green);font-size:0.78rem;text-transform:uppercase;letter-spacing:0.08em;display:block;margin-bottom:0.3rem">What you walk away with</strong>
+            <span style="font-size:0.9rem;color:var(--soft)">A searchable audit log + RAG of every gated detection over 30 days, broken down by rule, agent, and disposition. Defensible in front of your risk committee.</span>
+          </div>
+          <div style="background:rgba(251,191,36,0.06);border-left:3px solid #fbbf24;padding:0.7rem 0.9rem;border-radius:0 6px 6px 0">
+            <strong style="color:#fbbf24;font-size:0.78rem;text-transform:uppercase;letter-spacing:0.08em;display:block;margin-bottom:0.3rem">What we don't claim</strong>
+            <span style="font-size:0.9rem;color:var(--soft)">Not SOC 2 today. Not BAA-ready as a blanket claim. No hallucination indemnity for third-party model output. Local-first deployment makes the pilot a no-client-data engagement.</span>
+          </div>
+          <div style="background:rgba(45,212,191,0.06);border-left:3px solid var(--cyan);padding:0.7rem 0.9rem;border-radius:0 6px 6px 0">
+            <strong style="color:var(--cyan);font-size:0.78rem;text-transform:uppercase;letter-spacing:0.08em;display:block;margin-bottom:0.3rem">What you bring</strong>
+            <span style="font-size:0.9rem;color:var(--soft)">One named owner, one workflow you're already evaluating AI on, your approved disclaimer language, and read-only access to whichever conflicts DB you already run.</span>
+          </div>
+        </div>
+        <div style="display:flex;gap:1rem;flex-wrap:wrap;margin-top:1rem;">
+          <a class="cta" href="mailto:iganapolsky@gmail.com?subject=ThumbGate%2025-minute%20legal%20AI%20pilot%20walkthrough&amp;body=Hi%20Igor%2C%0A%0AWe%27d%20like%20to%20review%20the%2025-minute%20ThumbGate%20legal%20AI%20intake%20pilot.%20Please%20send%20the%20meeting%20invite%20and%20demo%20materials.%0A%0ABest%2C">Book a 25-minute pilot walkthrough</a>
+          <a class="ghost" href="/dashboard">View the live dashboard demo</a>
+        </div>
+        <p style="font-size:0.85rem; color:var(--muted); margin:0.75rem 0 0;">
+          Button not opening your mail client (common on Gmail Web / iPhone)? <button type="button" onclick="__thumbgateCopyPilotEmail(this)" style="padding:0.35rem 0.7rem; font-size:0.85rem; background:transparent; color:var(--cyan); border:1px solid var(--cyan); border-radius:5px; cursor:pointer; vertical-align: baseline;">Copy the email instead</button> or write to <span style="color: var(--text); user-select: all; font-family: ui-monospace, SFMono-Regular, Menlo, monospace;">iganapolsky@gmail.com</span> directly.
+        </p>
+      </div>
+    </section>
+
+    <section id="live-gate-demos">
+      <h2>Live gate demos &mdash; try them yourself</h2>
+      <div style="border-left: 3px solid var(--cyan); background: rgba(34, 211, 238, 0.06); padding: 0.85rem 1.1rem; margin: 0 0 1.5rem; border-radius: 0 6px 6px 0;">
+        <strong style="color: var(--cyan)">Monitor vs enforce.</strong> <span style="color: var(--text)">Agent observability tools log what your agent <em>did</em>. ThumbGate gates what your agent is <em>about to do</em> &mdash; runtime block before execution, not retrospective alert after the harm. SIEM ingestion is the audit trail. The PreToolUse hook is the prevention.</span>
+      </div>
+      <p style="color:var(--muted); margin-bottom:1.5rem">These simulators use the exact same deterministic PreToolUse logic that runs in production. No LLM calls on the enforcement path &mdash; just fast, auditable pattern matching.</p>
+
+      <!-- UPL Gate Simulator -->
+      <div class="card" style="margin-bottom:2rem">
+        <h3 style="color:var(--cyan); margin-bottom:0.75rem">1. UPL Gate &mdash; advice-shaped output detector</h3>
+        <p style="font-size:0.95rem; color:var(--muted)">Paste an <strong>advice-shaped response a bot would deliver to a client</strong> (not a client's question). The gate detects predictions, recommendations, or jurisdictional legal analysis from a non-attorney source and blocks delivery. The patterns it matches were promoted from attorney 👎 feedback.</p>
+        <textarea id="upl-input" placeholder="E.g. 'Based on the facts you described, you likely have a strong claim for breach of contract and could recover significant damages.'" style="width:100%; height:90px; background:#0f0f11; color:var(--text); border:1px solid var(--line); border-radius:8px; padding:0.75rem; font-size:0.95rem; resize:vertical; margin:0.75rem 0"></textarea>
+        <div style="display:flex; gap:0.5rem; flex-wrap:wrap; align-items:center; margin-bottom:0.5rem">
+          <button onclick="runUPLDemo()" class="cta" style="padding:0.6rem 1.1rem; font-size:0.9rem">Run through UPL Gate</button>
+          <button type="button" onclick="document.getElementById('upl-input').value='You have a strong case for wrongful termination. In my opinion, you should file in the Southern District of Florida.';" style="padding:0.5rem 0.9rem; font-size:0.85rem; background:transparent; color:var(--cyan); border:1px solid var(--cyan); border-radius:6px; cursor:pointer">Fill sample &mdash; will BLOCK</button>
+          <button type="button" onclick="document.getElementById('upl-input').value='I can schedule a 30-minute consultation with one of our employment attorneys. Would 2pm Thursday work?';" style="padding:0.5rem 0.9rem; font-size:0.85rem; background:transparent; color:var(--green); border:1px solid var(--green); border-radius:6px; cursor:pointer">Fill sample &mdash; will CLEAR</button>
+        </div>
+        <div id="upl-result" class="demo-result" style="display:none"></div>
+      </div>
+
+      <!-- Conflict Check Simulator -->
+      <div class="card" style="margin-bottom:2rem">
+        <h3 style="color:var(--cyan); margin-bottom:0.75rem">2. Conflict Gate &mdash; adverse party clearance</h3>
+        <p style="font-size:0.95rem; color:var(--muted)">Enter a prospective client or party name. <strong>In production this gate queries YOUR firm's existing conflicts DB</strong> (Intapp Open, IntelliPlan, Aderant, or a custom system) &mdash; not a vendor-hosted list. ThumbGate is the agent-side enforcement; your DB stays the source of truth. The sample list below is illustrative only.</p>
+        <div style="display:flex; gap:0.75rem; align-items:flex-end; margin:0.75rem 0; flex-wrap:wrap">
+          <div style="flex:1; min-width:240px">
+            <label style="font-size:0.8rem; color:var(--muted); display:block; margin-bottom:0.25rem">Party / Company Name</label>
+            <input id="conflict-input" type="text" placeholder="Latam Real Capital" value="Latam Real Capital S.A." style="width:100%; background:#0f0f11; color:var(--text); border:1px solid var(--line); border-radius:8px; padding:0.6rem; font-size:0.95rem">
+          </div>
+          <button onclick="runConflictDemo()" class="cta" style="padding:0.6rem 1.1rem; font-size:0.9rem; white-space:nowrap">Check Against Adverse List</button>
+        </div>
+        <div style="display:flex; gap:0.5rem; flex-wrap:wrap; margin-bottom:0.5rem">
+          <button type="button" onclick="document.getElementById('conflict-input').value='Latam Real Capital S.A.';" style="padding:0.4rem 0.8rem; font-size:0.8rem; background:transparent; color:var(--cyan); border:1px solid var(--cyan); border-radius:6px; cursor:pointer">Fill &mdash; will BLOCK</button>
+          <button type="button" onclick="document.getElementById('conflict-input').value='Acme Manufacturing LLC';" style="padding:0.4rem 0.8rem; font-size:0.8rem; background:transparent; color:var(--green); border:1px solid var(--green); border-radius:6px; cursor:pointer">Fill &mdash; will CLEAR</button>
+        </div>
+        <div style="font-size:0.8rem; color:var(--muted); margin-bottom:0.5rem">Sample adverse list (synthetic, illustrative): Latam Real Capital S.A. (real estate #M-2847), Hospitalia Holdings (hospitality M&amp;A #M-2911), NovaIA Latam (AI venture #M-2755)</div>
+        <div id="conflict-result" class="demo-result" style="display:none"></div>
+      </div>
+
+      <!-- Privilege Egress Simulator -->
+      <div class="card">
+        <h3 style="color:var(--cyan); margin-bottom:0.75rem">3. Egress Gate &mdash; privilege marker detector</h3>
+        <p style="font-size:0.95rem; color:var(--muted)">Paste content an agent might try to send to an external LLM (e.g. deposition summary request). The gate blocks if it detects privilege markers. Markers are firm-defined and the list grows from attorney 👍/👎 on what the gate let through.</p>
+        <textarea id="privilege-input" placeholder="Please summarize this deposition transcript. [Attorney Work Product - Matter M-2847 - Confidential]" style="width:100%; height:90px; background:#0f0f11; color:var(--text); border:1px solid var(--line); border-radius:8px; padding:0.75rem; font-size:0.95rem; resize:vertical; margin:0.75rem 0"></textarea>
+        <div style="display:flex; gap:0.5rem; flex-wrap:wrap; align-items:center; margin-bottom:0.5rem">
+          <button onclick="runPrivilegeDemo()" class="cta" style="padding:0.6rem 1.1rem; font-size:0.9rem">Attempt External LLM Call</button>
+          <button type="button" onclick="document.getElementById('privilege-input').value='Please summarize this deposition transcript. [Attorney Work Product - Matter M-2847 - Confidential]';" style="padding:0.5rem 0.9rem; font-size:0.85rem; background:transparent; color:var(--cyan); border:1px solid var(--cyan); border-radius:6px; cursor:pointer">Fill sample &mdash; will BLOCK</button>
+          <button type="button" onclick="document.getElementById('privilege-input').value='Please summarize the public press release announcing the merger between Acme Corp and Foobar Inc.';" style="padding:0.5rem 0.9rem; font-size:0.85rem; background:transparent; color:var(--green); border:1px solid var(--green); border-radius:6px; cursor:pointer">Fill sample &mdash; will CLEAR</button>
+        </div>
+        <div id="privilege-result" class="demo-result" style="display:none"></div>
       </div>
+
+      <script>
+        function escapeHtml(s) {
+          return String(s).replace(/[&<>"']/g, function(c) {
+            return { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c];
+          });
+        }
+        window.__thumbgateCopyPilotEmail = function(btn) {
+          var body = "Hi Igor,\n\nWe'd like to review the 25-minute ThumbGate legal AI intake pilot. Please send the meeting invite and demo materials.\n\nBest,";
+          var full = "To: iganapolsky@gmail.com\nSubject: ThumbGate 25-minute legal AI pilot walkthrough\n\n" + body;
+          var done = function(label) {
+            var orig = btn.dataset.origLabel || btn.textContent;
+            btn.dataset.origLabel = orig;
+            btn.textContent = label;
+            setTimeout(function() { btn.textContent = orig; }, 2400);
+          };
+          if (navigator.clipboard && navigator.clipboard.writeText) {
+            navigator.clipboard.writeText(full)
+              .then(function() { done('Copied — paste into Gmail or any mail client'); })
+              .catch(function() { done('Copy failed — email iganapolsky@gmail.com directly'); });
+          } else {
+            done('Email iganapolsky@gmail.com directly');
+          }
+        };
+        // Produces the same JSON shape a production ThumbGate gate would stream to the firm's SIEM.
+        // Includes ISO 27001 control mapping so procurement can map evidence to controls without translation.
+        window.__thumbgateBuildAudit = function(args) {
+          return {
+            audit_id: args.audit_id,
+            timestamp_iso: args.timestamp_iso,
+            rule: { id: args.rule_id, version: args.rule_version, matched: args.matched },
+            blocked_call: {
+              agent: args.agent,
+              input_excerpt: String(args.input || '').slice(0, 280),
+              matter_context: args.matter_context
+            },
+            action: args.action,
+            reviewer: null,
+            iso_27001_controls: args.iso_controls,
+            generated_by: 'ThumbGate PreToolUse Gate (sample export — production version streams to your SIEM)',
+            sample_disclaimer: 'Synthetic audit record for evaluation. No real client data referenced.'
+          };
+        };
+        window.__thumbgateDownloadAudit = function(payload, filename) {
+          try {
+            var json = JSON.stringify(payload, null, 2);
+            var blob = new Blob([json], { type: 'application/json' });
+            var url = URL.createObjectURL(blob);
+            var a = document.createElement('a');
+            a.href = url; a.download = filename;
+            document.body.appendChild(a); a.click();
+            document.body.removeChild(a);
+            setTimeout(function() { URL.revokeObjectURL(url); }, 10000);
+          } catch (e) { console.error('audit download failed', e); }
+        };
+        window.__thumbgateAuditRegistry = {};
+        window.__thumbgateAuditByKey = function(key) {
+          var entry = window.__thumbgateAuditRegistry[key];
+          if (!entry) return;
+          window.__thumbgateDownloadAudit(entry.payload, entry.filename);
+        };
+        window.__thumbgateAuditButton = function(key, payload, filename) {
+          window.__thumbgateAuditRegistry[key] = { payload: payload, filename: filename };
+          return '<button class="cta" style="margin-top:0.5rem; padding:0.45rem 0.9rem; font-size:0.82rem; background:transparent; color:var(--cyan); border:1px solid var(--cyan)" ' +
+            'onclick="__thumbgateAuditByKey(\'' + key + '\')">' +
+            'Download audit JSON (sample) &darr;</button>';
+        };
+        function runUPLDemo() {
+          var input = document.getElementById('upl-input').value.trim();
+          var resultDiv = document.getElementById('upl-result');
+          if (!input) { resultDiv.style.display = 'none'; return; }
+          var advicePatterns = ['you have a strong case', 'likely to win', 'you should', 'recommend that you', 'based on the facts you described', 'in my opinion', 'the best course is', 'you are entitled to'];
+          var lower = input.toLowerCase();
+          var blocked = false;
+          var reason = '';
+          for (var i = 0; i < advicePatterns.length; i++) {
+            if (lower.indexOf(advicePatterns[i]) !== -1) { blocked = true; reason = advicePatterns[i]; break; }
+          }
+          if (blocked) {
+            var uplPayload = __thumbgateBuildAudit({
+              audit_id: 'UPL-2847-20260526-091204',
+              timestamp_iso: '2026-05-26T09:12:04Z',
+              rule_id: 'UPL_RULE_05.5_ADVICE_SHAPE',
+              rule_version: '3.2',
+              matched: 'advice-shaped output from non-attorney source ("' + reason + '")',
+              agent: 'website-intake-bot-v2',
+              input: input,
+              matter_context: 'New client intake (web)',
+              action: 'REPLACE + LOG + NOTIFY_ATTORNEY',
+              iso_controls: ['A.5.34 (Privacy & PII protection)', 'A.5.24 (Information security incident management)']
+            });
+            resultDiv.innerHTML =
+              '<div class="demo-blocked">' +
+              '<strong style="color:#f87171">BLOCKED &mdash; UPL Gate fired</strong><br>' +
+              'Detected advice-shaped pattern: "' + escapeHtml(reason) + '"<br><br>' +
+              '<strong>Corrective action taken:</strong><br>' +
+              'Response replaced with: <em>"That\'s a legal question best answered by a licensed attorney. I can schedule a 30-minute consultation with one of our [practice area] attorneys &mdash; would [time] work for you?"</em><br><br>' +
+              '<div class="audit-log">[2026-05-26 09:12:04] PreToolUse gate: UPL_RULE_05.5_ADVICE_SHAPE v3.2\nRule matched: advice-shaped output from non-attorney source\nAction: REPLACE + LOG + NOTIFY_ATTORNEY\nAudit ID: UPL-2847-20260526-091204\nMatter context: New client intake (web)\nAgent: website-intake-bot-v2</div>' +
+              __thumbgateAuditButton('upl', uplPayload, 'ThumbGate-Audit-UPL-2847-2026-05-26.json') +
+              '</div>';
+          } else {
+            resultDiv.innerHTML =
+              '<div class="demo-cleared">' +
+              '<strong style="color:#34d399">CLEARED &mdash; no UPL pattern detected</strong><br>' +
+              'Response would be delivered as-is. (In production this would still be logged for training.)' +
+              '</div>';
+          }
+          resultDiv.style.display = 'block';
+        }
+
+        function runConflictDemo() {
+          var party = document.getElementById('conflict-input').value.trim().toLowerCase();
+          var resultDiv = document.getElementById('conflict-result');
+          if (!party) { resultDiv.style.display = 'none'; return; }
+          var adverseList = ['latam real capital', 'latam real', 'hospitalia holdings', 'hospitalia', 'novaia latam', 'novaia'];
+          var isAdverse = adverseList.some(function(a) { return party.indexOf(a) !== -1; });
+          if (isAdverse) {
+            var conflictPayload = __thumbgateBuildAudit({
+              audit_id: 'CONF-2911-20260526-091204',
+              timestamp_iso: '2026-05-26T09:12:04Z',
+              rule_id: 'CONFLICT_RULE_1.7_ADVERSE',
+              rule_version: '4.1',
+              matched: 'adverse-parties list match for "' + party + '"',
+              agent: 'doc-fetch-agent-v1',
+              input: party,
+              matter_context: 'New M&A intake — preliminary conflict check',
+              action: 'BLOCK + REDIRECT + LOG',
+              iso_controls: ['A.5.10 (Acceptable use of information)', 'A.5.24 (Information security incident management)', 'A.8.10 (Information deletion)']
+            });
+            resultDiv.innerHTML =
+              '<div class="demo-blocked">' +
+              '<strong style="color:#f87171">BLOCKED &mdash; Conflict Gate fired</strong><br>' +
+              '"' + escapeHtml(party) + '" matches adverse party in existing matter.<br><br>' +
+              '<strong>Corrective action:</strong> Fetch blocked. Agent redirected to: <em>"This party appears as adverse in matter M-2847. Contact ethics screen lead before proceeding."</em><br><br>' +
+              '<div class="audit-log">[2026-05-26 09:12:04] PreToolUse gate: CONFLICT_RULE_1.7_ADVERSE v4.1\nMatched: adverse-parties list\nAction: BLOCK + REDIRECT + LOG\nAudit ID: CONF-2911-20260526-091204\nRequesting matter: New M&amp;A intake\nAgent: doc-fetch-agent-v1</div>' +
+              __thumbgateAuditButton('conflict', conflictPayload, 'ThumbGate-Audit-CONF-2911-2026-05-26.json') +
+              '</div>';
+          } else {
+            resultDiv.innerHTML =
+              '<div class="demo-cleared">' +
+              '<strong style="color:#34d399">CLEARED &mdash; no conflict found</strong><br>' +
+              'Positive clearance recorded. Agent may proceed with intake.<br><br>' +
+              '<div class="audit-log">[2026-05-26 09:12:04] PreToolUse gate: CONFLICT_RULE_1.7_ADVERSE v4.1\nResult: CLEAR (no match in adverse list)\nAction: ALLOW + LOG\nAudit ID: CONF-2912-20260526-091204</div>' +
+              '</div>';
+          }
+          resultDiv.style.display = 'block';
+        }
+
+        function runPrivilegeDemo() {
+          var input = document.getElementById('privilege-input').value.trim();
+          var resultDiv = document.getElementById('privilege-result');
+          if (!input) { resultDiv.style.display = 'none'; return; }
+          var privMarkers = ['attorney work product', 'privileged', 'confidential - attorney client', 'matter m-', 'm-2847', 'm-2911'];
+          var lower = input.toLowerCase();
+          var blocked = false;
+          var marker = '';
+          for (var i = 0; i < privMarkers.length; i++) {
+            if (lower.indexOf(privMarkers[i]) !== -1) { blocked = true; marker = privMarkers[i]; break; }
+          }
+          if (blocked) {
+            var privilegePayload = __thumbgateBuildAudit({
+              audit_id: 'PRIV-2755-20260526-091204',
+              timestamp_iso: '2026-05-26T09:12:04Z',
+              rule_id: 'EGRESS_RULE_1.6_PRIVILEGE',
+              rule_version: '2.8',
+              matched: 'privilege marker in outbound payload ("' + marker + '")',
+              agent: 'brief-assistant-v3',
+              input: input,
+              matter_context: 'Outbound LLM call from attorney workspace',
+              action: 'BLOCK + REDIRECT_TO_TENANT_LLM + LOG',
+              iso_controls: ['A.5.34 (Privacy & PII protection)', 'A.5.14 (Information transfer)', 'A.8.24 (Use of cryptography)']
+            });
+            resultDiv.innerHTML =
+              '<div class="demo-blocked">' +
+              '<strong style="color:#f87171">BLOCKED &mdash; Egress Gate fired</strong><br>' +
+              'Detected privilege marker: "' + escapeHtml(marker) + '"<br><br>' +
+              '<strong>Corrective action:</strong> Outbound call to external LLM blocked. Redirected to in-tenant Azure OpenAI (BAA-protected) or internal summarizer.<br><br>' +
+              '<div class="audit-log">[2026-05-26 09:12:04] PreToolUse gate: EGRESS_RULE_1.6_PRIVILEGE v2.8\nRule matched: privilege marker in outbound payload\nAction: BLOCK + REDIRECT_TO_TENANT_LLM + LOG\nAudit ID: PRIV-2755-20260526-091204\nContent hash: sha256:7f3a... (truncated)\nAgent: brief-assistant-v3</div>' +
+              __thumbgateAuditButton('privilege', privilegePayload, 'ThumbGate-Audit-PRIV-2755-2026-05-26.json') +
+              '</div>';
+          } else {
+            resultDiv.innerHTML =
+              '<div class="demo-cleared">' +
+              '<strong style="color:#34d399">CLEARED &mdash; no privilege markers detected</strong><br>' +
+              'Content would be sent to external LLM (in production this would still trigger logging + optional human review flag).' +
+              '</div>';
+          }
+          resultDiv.style.display = 'block';
+        }
+
+        // Keyboard support: Enter submits, Shift+Enter inserts newline
+        var uplEl = document.getElementById('upl-input');
+        if (uplEl) uplEl.addEventListener('keydown', function(e) {
+          if (e.key === 'Enter' && !e.shiftKey) { e.preventDefault(); runUPLDemo(); }
+        });
+        var privEl = document.getElementById('privilege-input');
+        if (privEl) privEl.addEventListener('keydown', function(e) {
+          if (e.key === 'Enter' && !e.shiftKey) { e.preventDefault(); runPrivilegeDemo(); }
+        });
+      </script>
     </section>
   </main>
 

package/public/blog.html

@@ -11,7 +11,7 @@
     />
     <link
       rel="canonical"
-      href="https://thumbgate-production.up.railway.app/blog"
+      href="https://thumbgate.ai/blog"
     />
     <meta
       property="og:title"
@@ -24,14 +24,14 @@
     <meta property="og:type" content="website" />
     <meta
       property="og:url"
-      content="https://thumbgate-production.up.railway.app/blog"
+      content="https://thumbgate.ai/blog"
     />
     <script type="application/ld+json">
       {
         "@context": "https://schema.org",
         "@type": "Blog",
         "name": "ThumbGate Blog",
-        "url": "https://thumbgate-production.up.railway.app/blog",
+        "url": "https://thumbgate.ai/blog",
         "publisher": { "@type": "Organization", "name": "ThumbGate" },
         "blogPost": [
           {

package/public/codex-enterprise.html

@@ -9,8 +9,8 @@
 <meta property="og:title" content="ThumbGate for Codex in the Enterprise">
 <meta property="og:description" content="Dell-distributed or self-hosted, Codex agents repeat the same mistakes. ThumbGate is the governance layer underneath — capture, promote, audit.">
 <meta property="og:type" content="article">
-<meta property="og:image" content="https://thumbgate-production.up.railway.app/og.png">
-<link rel="canonical" href="https://thumbgate-production.up.railway.app/codex-enterprise">
+<meta property="og:image" content="https://thumbgate.ai/og.png">
+<link rel="canonical" href="https://thumbgate.ai/codex-enterprise">
 <script type="application/ld+json">
 {
   "@context": "https://schema.org",
@@ -20,7 +20,7 @@
   "datePublished": "2026-05-20",
   "dateModified": "2026-05-20",
   "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
-  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate-production.up.railway.app" },
+  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
   "about": [
     { "@type": "Thing", "name": "OpenAI Codex" },
     { "@type": "Thing", "name": "Dell Codex Enterprise" },

package/public/codex-plugin.html

@@ -10,8 +10,8 @@
 <meta property="og:title" content="ThumbGate for Codex">
 <meta property="og:description" content="Auto-updating MCP and hook launcher for Codex. One install, then ThumbGate resolves the latest npm runtime when Codex starts.">
 <meta property="og:type" content="website">
-<meta property="og:url" content="https://thumbgate-production.up.railway.app/codex-plugin">
-<link rel="canonical" href="https://thumbgate-production.up.railway.app/codex-plugin">
+<meta property="og:url" content="https://thumbgate.ai/codex-plugin">
+<link rel="canonical" href="https://thumbgate.ai/codex-plugin">
 <link rel="llm-context" href="/llm-context.md" type="text/markdown">
 
 <script type="application/ld+json">
@@ -22,9 +22,9 @@
   "applicationCategory": "DeveloperApplication",
   "operatingSystem": "macOS, Linux, Windows with Node.js",
   "description": "ThumbGate for Codex installs an MCP server and hook launcher that resolves thumbgate@latest at startup, captures thumbs-up/down feedback, and enforces Pre-Action Checks before risky agent actions run.",
-  "url": "https://thumbgate-production.up.railway.app/codex-plugin",
+  "url": "https://thumbgate.ai/codex-plugin",
   "downloadUrl": "https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip",
-  "installUrl": "https://thumbgate-production.up.railway.app/codex-plugin",
+  "installUrl": "https://thumbgate.ai/codex-plugin",
   "license": "https://opensource.org/licenses/MIT",
   "dateModified": "2026-04-20",
   "creator": {

package/public/compare.html

@@ -11,8 +11,8 @@
 <meta property="og:title" content="Best Pre-Action Check Tools for AI Coding Agents (2026 Comparison)">
 <meta property="og:description" content="Compare pre-action check tools that prevent AI coding agents from making costly mistakes. ThumbGate vs manual review vs post-hoc fixes.">
 <meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate-production.up.railway.app/compare">
-<link rel="canonical" href="https://thumbgate-production.up.railway.app/compare">
+<meta property="og:url" content="https://thumbgate.ai/compare">
+<link rel="canonical" href="https://thumbgate.ai/compare">
 
 <script type="application/ld+json">
 {
@@ -28,11 +28,11 @@
   "publisher": {
     "@type": "Organization",
     "name": "ThumbGate",
-    "url": "https://thumbgate-production.up.railway.app"
+    "url": "https://thumbgate.ai"
   },
   "datePublished": "2026-04-08",
   "dateModified": "2026-04-08",
-  "mainEntityOfPage": "https://thumbgate-production.up.railway.app/compare"
+  "mainEntityOfPage": "https://thumbgate.ai/compare"
 }
 </script>
 
@@ -62,7 +62,7 @@
       "name": "Is ThumbGate free?",
       "acceptedAnswer": {
         "@type": "Answer",
-        "text": "ThumbGate has a free tier that includes local enforcement with unlimited feedback captures, up to 5 active auto-promoted prevention rules, and pre-action check blocking. Pro ($19/mo or $149/yr) adds a personal local dashboard, recall, lesson search, unlimited rules, and DPO export. Team rollout ($49/seat/mo) adds a shared lesson database and org dashboard."
+        "text": "ThumbGate has a free tier that includes local enforcement with 5 feedback captures/day, 25 total captures, up to 3 active auto-promoted prevention rules, and pre-action check blocking. Pro ($19/mo or $149/yr) adds hosted sync, a personal local dashboard, recall, lesson search, unlimited captures/rules, and DPO export. Team rollout ($49/seat/mo) adds a shared lesson database and org dashboard."
       }
     },
     {
@@ -311,7 +311,7 @@
 
 <div class="card">
   <h3>Is ThumbGate free?</h3>
-  <p>ThumbGate has a free tier that includes local enforcement with unlimited feedback captures, up to 5 active auto-promoted prevention rules, and pre-action check blocking. Pro ($19/mo or $149/yr) adds a personal local dashboard, recall, lesson search, unlimited rules, and DPO export. Team rollout ($49/seat/mo) adds a shared lesson database and org dashboard.</p>
+  <p>ThumbGate has a free tier that includes local enforcement with 5 feedback captures/day, 25 total captures, up to 3 active auto-promoted prevention rules, and pre-action check blocking. Pro ($19/mo or $149/yr) adds hosted sync, a personal local dashboard, recall, lesson search, unlimited captures/rules, and DPO export. Team rollout ($49/seat/mo) adds a shared lesson database and org dashboard.</p>
 </div>
 
 <div class="card">