thumbgate 1.27.11 → 1.27.13

package/public/learn/regulated-agent-execution-boundary.html

@@ -1,196 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>The $1.4M Cost of Building Agent Guardrails — Why Pre-Action Gates Are the Buy-Side Answer</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="The New Stack put a $1.4M / 18-month price tag on DIY agentic AI platforms in regulated industries. Building the orchestration is the easy part — even after you buy a platform, agents still touch prod. Here's the execution-boundary layer they didn't name.">
-<meta name="keywords" content="agentic AI build vs buy, regulated industries AI agents, DORA AI Act compliance, agent execution boundary, pre-action gates, agent guardrails, Claude Code governance, ThumbGate, agent reliability gateway">
-<meta property="og:title" content="The $1.4M Cost of Building Agent Guardrails — And Why Pre-Action Gates Are the Buy-Side Answer">
-<meta property="og:description" content="Bryan Ross at GitLab argued buy-don't-build for agentic AI platforms in regulated industries. He's right — and there's one layer the article didn't name. Even after you buy the platform, agents still touch prod.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/regulated-agent-execution-boundary">
-<link rel="canonical" href="https://thumbgate.ai/learn/regulated-agent-execution-boundary">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "The $1.4M Cost of Building Agent Guardrails — And Why Pre-Action Gates Are the Buy-Side Answer",
-  "description": "DIY agentic AI platforms in regulated industries carry a $1.4M / 18-month price tag. The orchestration layer is only half the buy decision — the other half is the execution boundary between the agent and prod.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-05-18",
-  "dateModified": "2026-05-18",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/regulated-agent-execution-boundary",
-  "citation": {
-    "@type": "Article",
-    "headline": "The hidden cost of build vs. buy for agentic AI in regulated industries",
-    "author": "Bryan Ross",
-    "publisher": "The New Stack",
-    "url": "https://thenewstack.io/agentic-ai-build-buy/",
-    "datePublished": "2026-05-15"
-  }
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .cite-box {
-    background: var(--bg-card);
-    border-left: 3px solid var(--cyan);
-    border-radius: 6px;
-    padding: 1rem 1.25rem;
-    margin: 1.5rem 0;
-    font-size: 0.95rem;
-    color: var(--text-dim);
-  }
-  .cite-box a { color: var(--cyan); text-decoration: none; }
-  .cite-box a:hover { text-decoration: underline; }
-  .number-callout {
-    display: inline-block;
-    color: var(--cyan);
-    font-weight: 700;
-    font-size: 1.15em;
-  }
-  .compare-table {
-    width: 100%;
-    border-collapse: collapse;
-    margin: 1.5rem 0;
-    font-size: 0.95rem;
-  }
-  .compare-table th, .compare-table td {
-    padding: 12px 14px;
-    text-align: left;
-    border-bottom: 1px solid var(--border);
-    vertical-align: top;
-  }
-  .compare-table th {
-    background: var(--bg-card);
-    color: var(--text);
-    font-weight: 700;
-  }
-  .compare-table td:first-child {
-    font-weight: 600;
-    color: var(--text);
-  }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/pricing">Pricing</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / Regulated Agent Execution Boundary</div>
-  <h1>The $1.4M Cost of Building Agent Guardrails</h1>
-  <p class="lede">GitLab's Field CTO put a price on DIY agentic AI platforms in regulated industries: <span class="number-callout">$1.4M and 18 months</span>. The article is right about the build-vs-buy frame. It's missing the layer that decides whether the platform survives its first production incident.</p>
-
-  <div class="cite-box">
-    <strong>Cited:</strong> Bryan Ross (GitLab Field CTO), <a href="https://thenewstack.io/agentic-ai-build-buy/" target="_blank" rel="noopener">"The hidden cost of build vs. buy for agentic AI in regulated industries"</a>, The New Stack, May 15, 2026. We agree with the thesis. This post extends it.
-  </div>
-
-  <h2>What the article gets right</h2>
-
-  <p>The frame is correct. In banking, insurance, and any DORA / EU AI Act surface area, internally-built agentic AI platforms compound regulatory obligation faster than they compound capability. The article identifies the real cost drivers honestly: agentic-framework management, prompt-injection defenses, sandboxing, SIEM and DLP integration, red-team testing, and ongoing documentation under DORA and the EU AI Act. Each is an ongoing obligation, not a one-time install.</p>
-
-  <p>The article also names the right architectural insight: <em>the model isn't where the complexity lives</em>. The orchestration sitting in front of it is. Picking which tool the agent invokes, in what sequence, with what guardrails, with what accountability trail — that's the actual platform problem.</p>
-
-  <h2>The layer the article didn't name</h2>
-
-  <p>Here's the gap. The article frames the buy decision as <em>platform vs. no platform</em>. But even after you buy GitLab's agentic platform, or Claude Code's, or Cursor's, or any vendor's — the agent still issues tool calls against your real systems. Real git pushes. Real production database connections. Real Stripe API keys. Real file deletions.</p>
-
-  <p>The orchestration layer the article describes decides <em>which tool</em>. The layer underneath decides whether that tool call actually executes.</p>
-
-  <p>That layer has a name: the <strong>pre-action gate</strong>. Or, as the broader industry is starting to call it, the <strong>agent execution boundary</strong>. It sits between the agent's tool-call intent and the irreversible operation, evaluates the call against learned policy, and blocks the ones a human reviewer has already said "no" to in past sessions.</p>
-
-  <h2>Why this matters specifically for regulated buyers</h2>
-
-  <p>Under DORA Article 6 and the EU AI Act's high-risk provider obligations, "an agent did the wrong thing" is not a defense. The regulated entity remains accountable for every action attributable to a system it deployed. That means the audit question is never <em>did your agent platform have good intentions</em>; it's <em>can you produce the exact sequence of policy evaluations that allowed or blocked each privileged action, with timestamps</em>.</p>
-
-  <p>An orchestration platform without an execution boundary can tell you what the agent <em>tried to do</em>. An execution boundary tells you what it was actually <em>permitted</em> to do, and which learned rule made that decision. Only the second one satisfies an auditor.</p>
-
-  <h2>Build-vs-buy applies recursively</h2>
-
-  <p>The article's three questions — Is the requirement truly unique? How much regulatory surface area can the organization realistically own? What's the time horizon? — apply just as well to the execution-boundary layer as to the orchestration layer above it.</p>
-
-  <table class="compare-table">
-    <thead>
-      <tr>
-        <th>Layer</th>
-        <th>Build internally</th>
-        <th>Buy</th>
-      </tr>
-    </thead>
-    <tbody>
-      <tr>
-        <td>Orchestration / agentic framework</td>
-        <td>The $1.4M / 18-month estimate from the GitLab piece</td>
-        <td>GitLab Duo, Anthropic Claude Code, vendor platforms</td>
-      </tr>
-      <tr>
-        <td>Execution boundary / pre-action gate</td>
-        <td>~3–6 engineer-months to build the hook layer, plus ongoing rule maintenance and SIEM integration</td>
-        <td>ThumbGate Pro / Team / Regulated — installs in one command</td>
-      </tr>
-      <tr>
-        <td>Audit trail of decisions</td>
-        <td>Custom telemetry pipeline, immutable storage, retention policy</td>
-        <td>Included with the execution-boundary purchase if you pick one with audit export</td>
-      </tr>
-    </tbody>
-  </table>
-
-  <p>The article's argument generalizes: you don't want some teams to be agent-enabled and some not. You want every team to be agent-enabled, consistently, in a way that's governable and scalable. The execution boundary is exactly where that consistency lives at the tool-call level.</p>
-
-  <h2>What an execution boundary actually does at runtime</h2>
-
-  <p>Concretely, on a Claude Code or Cursor PreToolUse hook, a pre-action gate fires before each privileged tool call. It runs the planned call through a learned rule set — rules generated from past human feedback on past agent failures in the same codebase — and returns one of: allow, allow with confirmation, or block-with-reason.</p>
-
-  <p>This is not a memory layer. Memory layers help the agent remember <em>what you told it</em>. An execution boundary enforces <em>what you wouldn't accept</em>. The two compose; they don't substitute.</p>
-
-  <p>For the auditor, the artifact is a per-decision row: who initiated the call, what the call would have done, which rule evaluated it, what the outcome was, and which past feedback event taught that rule. That's the evidence DORA Article 28 and the EU AI Act post-market monitoring articles actually ask for.</p>
-
-  <h2>The honest constraint</h2>
-
-  <p>An execution boundary is not a hallucination filter and not a model-quality fix. It does not make a bad agent good. It makes a fast agent <em>safe to ship</em> by stopping it from re-committing mistakes it has already been corrected on in your environment.</p>
-
-  <p>That distinction is the whole product. If you're in banking, insurance, healthcare, or any other DORA / EU AI Act surface, the relevant question after reading the Ross piece isn't <em>should I buy an agent platform</em>. The answer there is already yes. The next question is <em>what's between that platform and prod</em>.</p>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Skip the $1.4M. Install the execution boundary.</h2>
-    <p>ThumbGate ships as a pre-action gate for every major agent surface (Claude Code, Cursor, Codex, Gemini, Amp, any MCP agent). MIT-licensed core. Audit-ready enforcement proof on Pro. DORA/EU AI Act evidence packaging on Regulated.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related guides</h3>
-    <a href="/learn/ai-agent-governance">AI Agent Governance — The Four Layers Pattern →</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained →</a>
-    <a href="/learn/stop-ai-agent-force-push">How to Stop an AI Agent From Force-Pushing →</a>
-    <a href="/learn/agent-swarms-shared-gates">Agent Swarms and Shared Gates →</a>
-  </div>
-</div>
-
-
-  <div class="sticky-cta">
-    <span style="color:var(--muted)">Try it now:</span>
-    <code>npx thumbgate init</code>
-    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-  </div>
-</body>
-</html>

package/public/learn/spec-driven-development.html

@@ -1,168 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Spec-Driven Development for AI Agents — How ThumbGate Enforces the Spec</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Spec-driven development tells AI agents what to build via mission.md, tech-stack.md, and roadmap.md. ThumbGate enforces the spec at the gate layer so agents cannot drift outside scope.">
-<meta name="keywords" content="spec-driven development, spec driven AI coding, mission.md, tech-stack.md, roadmap.md, AI agent spec enforcement, Claude Code spec, Cursor spec workflow, ThumbGate">
-<meta property="og:title" content="Spec-Driven Development for AI Agents — Runtime Enforcement with ThumbGate">
-<meta property="og:description" content="Writing the spec is half the work. The other half is making the agent stay inside it. ThumbGate gates tool calls against your spec so drift is blocked at the hook layer.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/spec-driven-development">
-<link rel="canonical" href="https://thumbgate.ai/learn/spec-driven-development">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "Spec-Driven Development for AI Agents — How ThumbGate Enforces the Spec",
-  "description": "Spec-driven development gives AI coding agents a mission, tech-stack, and roadmap to follow. ThumbGate is the runtime enforcement layer that blocks tool calls that drift outside the spec.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-05-14",
-  "dateModified": "2026-05-14",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/spec-driven-development"
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .spec-grid { display: grid; grid-template-columns: 1fr 1fr 1fr; gap: 16px; margin: 1.5rem 0; }
-  .spec-grid > div { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; }
-  .spec-grid h4 { font-size: 0.95rem; margin-bottom: 0.5rem; color: var(--green); }
-  .spec-grid code { font-size: 0.85rem; }
-  @media (max-width: 800px) { .spec-grid { grid-template-columns: 1fr; } }
-  .layer { display: grid; grid-template-columns: 1fr 1fr; gap: 16px; margin: 1.5rem 0; }
-  .layer > div { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; }
-  @media (max-width: 700px) { .layer { grid-template-columns: 1fr; } }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / Spec-Driven Development</div>
-  <h1>Spec-Driven Development for AI Agents</h1>
-  <p style="color:var(--muted);">4 min read &middot; For teams moving from vibe-coding to repeatable AI development</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> Spec-driven development gives agents three constitution files — <code>mission.md</code>, <code>tech-stack.md</code>, <code>roadmap.md</code> — plus per-feature plan / requirements / validation docs. The spec only works if the agent cannot drift outside it. ThumbGate is the runtime enforcement layer that blocks tool calls that violate the spec, at the PreToolUse hook layer.</div>
-
-  <h2>The constitution: three files that define your project</h2>
-  <p>Spec-driven development replaces conversational LLM iteration with a small set of source-of-truth documents stored in the repo. The agent reads them, the team reads them, and they get updated together.</p>
-
-  <div class="spec-grid">
-    <div>
-      <h4>mission.md</h4>
-      <p>The <em>why</em>. What this project is, who it serves, what the non-goals are.</p>
-    </div>
-    <div>
-      <h4>tech-stack.md</h4>
-      <p>Approved technical choices, deployment process, the rails the agent must stay on.</p>
-    </div>
-    <div>
-      <h4>roadmap.md</h4>
-      <p>Phases, planned features, current priorities. Updated as work lands.</p>
-    </div>
-  </div>
-
-  <h2>Per-feature artifacts</h2>
-  <p>Each feature gets its own dated directory (<code>2026-05-14-feature-name/</code>) with three files:</p>
-  <ul>
-    <li><strong>plan.md</strong> — numbered task groups</li>
-    <li><strong>requirements.md</strong> — scope, decisions, context</li>
-    <li><strong>validation.md</strong> — how the feature is considered done</li>
-  </ul>
-
-  <h2>Where spec-driven development breaks</h2>
-  <p>The spec only matters if the agent stays inside it. In practice, the agent reads the constitution into context once, then drifts as the conversation grows. Context compaction evicts <code>tech-stack.md</code> before it evicts the last 200 lines of the chat. Long-running sessions touch files the spec never mentioned.</p>
-
-  <div class="callout callout-yellow">
-    <strong>The hard part is not writing the spec. It is enforcing it.</strong>
-  </div>
-
-  <h2>Two layers: the spec, and the gate</h2>
-  <div class="layer">
-    <div>
-      <h4>Layer 1 — The spec</h4>
-      <ul>
-        <li>Human-authored markdown files in the repo</li>
-        <li>Read by the agent at session start</li>
-        <li>Stored as the source of truth</li>
-        <li>Updated by humans during planning</li>
-      </ul>
-    </div>
-    <div>
-      <h4>Layer 2 — The gate</h4>
-      <ul>
-        <li>ThumbGate hooks intercept tool calls before execution</li>
-        <li>Each call is checked against the spec's scope</li>
-        <li>Out-of-scope writes, destructive commands, and dependency drift are blocked</li>
-        <li>The agent gets a structured error and a path back to the spec</li>
-      </ul>
-    </div>
-  </div>
-
-  <h2>What ThumbGate actually checks against the spec</h2>
-  <p>ThumbGate ingests the constitution files and uses them as the policy source for PreToolUse checks:</p>
-  <ul>
-    <li><strong>Scope drift:</strong> if <code>tech-stack.md</code> says Postgres but the agent runs <code>npm install mongoose</code>, the install is blocked</li>
-    <li><strong>Path drift:</strong> if the current feature's <code>requirements.md</code> lists <code>src/auth/*</code> as in-scope, writes to <code>src/billing/*</code> require confirmation</li>
-    <li><strong>Validation enforcement:</strong> if <code>validation.md</code> says "no merge without integration tests passing", merge tool calls are gated</li>
-    <li><strong>Phase enforcement:</strong> if <code>roadmap.md</code> marks a feature as "Phase 3" and you are in Phase 1, related code paths are protected</li>
-  </ul>
-
-  <h2>Why prompt rules alone do not work</h2>
-  <p>Spec-driven dev usually starts with <code>CLAUDE.md</code> or <code>.cursorrules</code> referencing the constitution. Those files live inside the agent's context. They compete with the live conversation for attention. When the context window pressures up, prompt rules are the first thing to lose weight.</p>
-  <p>Pre-action checks live <em>outside</em> the agent. They run in a separate process at the hook boundary. The agent cannot reason its way around a closed file handle.</p>
-
-  <div class="callout callout-green">
-    <strong>Mental model:</strong> The spec is the law. ThumbGate is the bailiff.
-  </div>
-
-  <h2>Adoption in two steps</h2>
-  <ol>
-    <li><strong>Write the constitution.</strong> Three files: <code>mission.md</code>, <code>tech-stack.md</code>, <code>roadmap.md</code>. Keep them short.</li>
-    <li><strong>Install the gate.</strong> <code>npx thumbgate init</code> — auto-detects the agent and wires the PreToolUse hooks. Point ThumbGate at the constitution path.</li>
-  </ol>
-  <p>From there, the agent reads the spec into context every session, and ThumbGate enforces it on every tool call.</p>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Stop hoping your agent reads the spec</h2>
-    <p>Spec-driven development is real only when the spec is enforced. Install ThumbGate and let the gate do the policing.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related guides</h3>
-    <a href="/learn/from-prototype-to-production">From Prototype to Production with AI Agents &rarr;</a>
-    <a href="/learn/vibe-coding-safety-net">The Vibe Coding Safety Net You Are Missing &rarr;</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
-    <a href="/pricing">ThumbGate Pricing &rarr;</a>
-  </div>
-</div>
-
-
-  <div class="sticky-cta">
-    <span style="color:var(--muted)">Try it now:</span>
-    <code>npx thumbgate init</code>
-    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-  </div>
-</body>
-</html>

package/public/learn/stop-ai-agent-force-push.html

@@ -1,134 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>How to Stop AI Agents From Force-Pushing to Main — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Your AI coding agent just force-pushed to main. Again. Here is how to make that physically impossible with a pre-action check in two minutes.">
-<meta name="keywords" content="AI agent force push, Claude Code force push prevention, git push force main, AI coding agent git safety, pre-action checks, ThumbGate">
-<meta property="og:title" content="How to Stop AI Agents From Force-Pushing to Main">
-<meta property="og:description" content="Make force-push to main physically impossible for your AI coding agent with a pre-action check.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/stop-ai-agent-force-push">
-<link rel="canonical" href="https://thumbgate.ai/learn/stop-ai-agent-force-push">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "How to Stop AI Agents From Force-Pushing to Main",
-  "description": "Make force-push to main physically impossible for your AI coding agent with a pre-action check.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-04-01",
-  "dateModified": "2026-04-01",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/stop-ai-agent-force-push",
-  "about": [
-    {"@type": "Thing", "name": "git force push prevention"},
-    {"@type": "Thing", "name": "AI coding agent safety"},
-    {"@type": "Thing", "name": "pre-action checks"}
-  ]
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / Stop AI Agent Force-Push</div>
-  <h1>How to Stop AI Agents From Force-Pushing to Main</h1>
-  <p style="color:var(--muted);">2 min read &middot; Works with Claude Code, Cursor, Codex, and any MCP agent</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> Your AI agent will force-push to main unless you physically prevent it. One PreToolUse hook + two minutes = impossible.</div>
-
-  <h2>The problem</h2>
-  <p>You write <code>never force-push to main</code> in your CLAUDE.md. Your agent reads it. Then it force-pushes to main anyway. Prompt rules are suggestions. Agents can and do ignore them when the context window fills up or when a chain of reasoning overrides the instruction.</p>
-
-  <div class="callout callout-red">
-    <strong>Real example:</strong> A developer lost 14 commits when their Claude Code agent ran <code>git push --force origin main</code> during a rebase. The CLAUDE.md said "never force-push." The agent did it anyway.
-  </div>
-
-  <h2>Why prompt rules fail</h2>
-  <ul>
-    <li><strong>Context overflow</strong> &mdash; as the conversation grows, early instructions get compressed or dropped</li>
-    <li><strong>Reasoning override</strong> &mdash; the agent decides force-push is the "correct" solution to a merge conflict</li>
-    <li><strong>No enforcement layer</strong> &mdash; nothing physically stops the tool call from executing</li>
-  </ul>
-
-  <h2>The fix: a pre-action check</h2>
-  <p>A pre-action check intercepts the tool call <em>before</em> it executes. It pattern-matches the command against known-bad actions and blocks them. The agent cannot bypass it because the check runs outside the agent's control, at the MCP hook layer.</p>
-
-  <h3>Step 1: Install ThumbGate</h3>
-  <pre><code>npx thumbgate init</code></pre>
-  <p>This auto-detects your agent (Claude Code, Cursor, etc.) and configures the PreToolUse hook.</p>
-
-  <h3>Step 2: Give feedback</h3>
-  <p>The next time your agent tries a force-push (or anything dangerous), give it a thumbs-down with context:</p>
-  <pre><code>👎 "Never force-push to main. This destroyed 14 commits last time."</code></pre>
-
-  <h3>Step 3: Check auto-generates</h3>
-  <p>ThumbGate captures the feedback, matches it against the tool call pattern, and auto-generates a prevention rule. After repeated failures (configurable), it promotes to a hard check:</p>
-  <pre><code># Auto-generated prevention rule
-pattern: "git push --force"
-target_branch: "main"
-action: BLOCK
-reason: "Force-push to main blocked — destroyed 14 commits (2026-03-15)"</code></pre>
-
-  <h3>Step 4: Check fires on every future attempt</h3>
-  <p>The PreToolUse hook checks every <code>Bash</code> tool call. If it matches <code>git push --force</code> targeting <code>main</code>, the action is blocked before execution. The agent receives a rejection with the reason and adapts.</p>
-
-  <div class="callout">
-    <strong>Key difference:</strong> Prompt rules ask nicely. Pre-action checks physically block. The check runs at the hook layer, outside the agent's reasoning chain, so it cannot be overridden by context or chain-of-thought.
-  </div>
-
-  <h2>What about other dangerous actions?</h2>
-  <p>The same pattern works for any tool call you want to prevent:</p>
-  <ul>
-    <li><code>DROP TABLE</code> on production databases</li>
-    <li><code>rm -rf</code> on project directories</li>
-    <li>Committing <code>.env</code> files with secrets</li>
-    <li>Running untested migrations on prod</li>
-    <li>Skipping test suites before deploy</li>
-  </ul>
-  <p>Every thumbs-down teaches the system. Thompson Sampling adapts check sensitivity: high-risk patterns get strict enforcement, low-risk ones stay relaxed.</p>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Try it now</h2>
-    <p>One command. Your agent stops repeating mistakes today.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related guides</h3>
-    <a href="/learn/vibe-coding-safety-net">The Vibe Coding Safety Net You Are Missing &rarr;</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
-    <a href="/guide">Full Setup Guide &rarr;</a>
-  </div>
-</div>
-
-
-  <div class="sticky-cta">
-    <span style="color:var(--muted)">Try it now:</span>
-    <code>npx thumbgate init</code>
-    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-  </div>
-</body>
-</html>

package/public/learn/vibe-coding-safety-net.html

@@ -1,142 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>The Vibe Coding Safety Net You Are Missing — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Vibe coding is fast until your AI agent deletes a production table or rewrites a file you did not ask it to touch. Add guardrails without slowing down.">
-<meta name="keywords" content="vibe coding safety, vibe coding guardrails, AI coding mistakes, Claude Code safety net, Cursor agent guardrails, AI agent enforcement, ThumbGate">
-<meta property="og:title" content="The Vibe Coding Safety Net You Are Missing">
-<meta property="og:description" content="Vibe coding is fast until your AI agent breaks something. Add guardrails without slowing down.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/vibe-coding-safety-net">
-<link rel="canonical" href="https://thumbgate.ai/learn/vibe-coding-safety-net">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "The Vibe Coding Safety Net You Are Missing",
-  "description": "Vibe coding is fast until your AI agent breaks something. Here is how to add guardrails that learn from your corrections.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-04-01",
-  "dateModified": "2026-04-01",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/vibe-coding-safety-net"
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .comparison { display: grid; grid-template-columns: 1fr 1fr; gap: 16px; margin: 1.5rem 0; }
-  .comparison > div { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; }
-  .comparison h4 { font-size: 0.95rem; margin-bottom: 0.5rem; }
-  .comparison .bad h4 { color: var(--red); }
-  .comparison .good h4 { color: var(--green); }
-  @media (max-width: 700px) { .comparison { grid-template-columns: 1fr; } }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / Vibe Coding Safety Net</div>
-  <h1>The Vibe Coding Safety Net You Are Missing</h1>
-  <p style="color:var(--muted);">3 min read &middot; For developers who vibe-code with Claude Code, Cursor, Codex, or Gemini</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> Vibe coding is 10x faster until your agent breaks something. Add a feedback-driven safety net that learns from your corrections — without slowing you down.</div>
-
-  <h2>Vibe coding is a superpower with a blindspot</h2>
-  <p>You describe what you want. The agent builds it. You ship in hours what used to take days. But every vibe-coder has hit this wall: the agent does something catastrophically wrong, and you realize there was nothing stopping it.</p>
-
-  <div class="comparison">
-    <div class="bad">
-      <h4>Without guardrails</h4>
-      <ul>
-        <li>Agent rewrites a file you did not mention</li>
-        <li>Agent runs <code>DROP TABLE</code> in prod</li>
-        <li>Agent force-pushes over teammate's commits</li>
-        <li>Agent installs a dependency you rejected yesterday</li>
-        <li>Same mistake repeats every session</li>
-      </ul>
-    </div>
-    <div class="good">
-      <h4>With ThumbGate</h4>
-      <ul>
-        <li>Check blocks file writes outside scope</li>
-        <li>Check blocks destructive SQL before execution</li>
-        <li>Check blocks force-push to protected branches</li>
-        <li>Check remembers your rejection across sessions</li>
-        <li>Mistakes are blocked permanently after feedback</li>
-      </ul>
-    </div>
-  </div>
-
-  <h2>Why CLAUDE.md and .cursorrules are not enough</h2>
-  <p>Prompt rules live inside the agent's context. They compete with your conversation, the codebase, and the agent's own reasoning. When the context window fills up, prompt rules are the first thing to get compressed or ignored.</p>
-  <p>Pre-action checks live <em>outside</em> the agent. They intercept tool calls at the hook layer (PreToolUse in MCP) before execution. The agent cannot override them because the check runs in a separate process.</p>
-
-  <div class="callout callout-green">
-    <strong>Mental model:</strong> Prompt rules are speed limit signs. Pre-action checks are physical barriers. Signs can be ignored. Barriers cannot.
-  </div>
-
-  <h2>How to add guardrails in two minutes</h2>
-  <ol>
-    <li><strong>Install:</strong> <code>npx thumbgate init</code> — auto-detects your agent and configures hooks</li>
-    <li><strong>Code normally:</strong> vibe-code as you always do, no workflow changes</li>
-    <li><strong>Correct when needed:</strong> when the agent does something wrong, give it a thumbs-down with context</li>
-    <li><strong>Checks build themselves:</strong> repeated failures auto-promote into prevention rules that block the action next time</li>
-  </ol>
-
-  <h2>It gets smarter over time</h2>
-  <p>ThumbGate uses Thompson Sampling to adapt enforcement. Patterns that cause real damage get strict checks. Low-risk patterns stay relaxed. The system tunes itself based on your feedback — no manual rule-writing required.</p>
-  <p>Every correction you make improves the model. Every thumbs-up reinforces good behavior. Over weeks, your agent develops an immune system tailored to your codebase and workflow.</p>
-
-  <h2>What vibe-coders actually check</h2>
-  <p>Based on real usage patterns from ThumbGate users:</p>
-  <ul>
-    <li><strong>Git operations:</strong> force-push, branch deletion, rebase on shared branches</li>
-    <li><strong>File mutations:</strong> writes to config files, package.json changes, lock file modifications</li>
-    <li><strong>Database operations:</strong> destructive SQL, schema migrations without backup</li>
-    <li><strong>Dependency management:</strong> installing packages the developer already rejected</li>
-    <li><strong>Deployment:</strong> pushing to production without test suite passing</li>
-  </ul>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Start with one check</h2>
-    <p>Install, vibe-code, and give your first thumbs-down. The safety net builds itself.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related guides</h3>
-    <a href="/learn/stop-ai-agent-force-push">How to Stop AI Agents From Force-Pushing to Main &rarr;</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
-    <a href="/guide">Full Setup Guide &rarr;</a>
-  </div>
-</div>
-
-
-  <div class="sticky-cta">
-    <span style="color:var(--muted)">Try it now:</span>
-    <code>npx thumbgate init</code>
-    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-  </div>
-</body>
-</html>