thumbgate 1.27.12 → 1.27.13

package/public/guides/ai-agent-workflow-migration-checklist.html

@@ -1,392 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-  <title>AI Agent Workflow Migration Checklist | ThumbGate</title>
-  <meta name="description" content="A practical checklist for moving from ad hoc AI coding agents to governed background-agent workflows with gates, evidence, ownership, and audit-ready controls." />
-  <meta property="og:title" content="AI Agent Workflow Migration Checklist" />
-  <meta property="og:description" content="Move agent coding from ad hoc use to governed workflows: scope, gates, evidence, ownership, approvals, and audit-ready controls." />
-  <meta property="og:type" content="article" />
-  <meta property="og:url" content="https://thumbgate.ai/guides/ai-agent-workflow-migration-checklist" />
-  <link rel="canonical" href="https://thumbgate.ai/guides/ai-agent-workflow-migration-checklist" />
-  <link rel="llm-context" href="/llm-context.md" type="text/markdown" />
-  <link rel="icon" type="image/svg+xml" href="/thumbgate-icon.png" />
-  <link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg" />
-  <meta property="og:image" content="/og.png" />
-  <style>
-    :root {
-      --bg: #0a0a0b;
-      --bg-raised: #111113;
-      --bg-card: #161618;
-      --line: #242428;
-      --text: #e8e8ec;
-      --muted: #9a9aa6;
-      --cyan: #22d3ee;
-      --green: #4ade80;
-      --amber: #fbbf24;
-      --red: #f87171;
-    }
-    * { box-sizing: border-box; }
-    body {
-      margin: 0;
-      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
-      background: var(--bg);
-      color: var(--text);
-      line-height: 1.65;
-    }
-    a { color: var(--cyan); text-decoration: none; }
-    a:hover { text-decoration: underline; }
-    .container { max-width: 1080px; margin: 0 auto; padding: 0 24px; }
-    .topbar {
-      position: sticky;
-      top: 0;
-      z-index: 20;
-      backdrop-filter: blur(12px);
-      background: rgba(10, 10, 11, 0.9);
-      border-bottom: 1px solid var(--line);
-    }
-    .topbar .container {
-      display: flex;
-      justify-content: space-between;
-      align-items: center;
-      padding-top: 14px;
-      padding-bottom: 14px;
-    }
-    .brand {
-      display: inline-flex;
-      align-items: center;
-      gap: 8px;
-      color: var(--text);
-      font-weight: 700;
-      text-decoration: none;
-    }
-    .logo-mark { width: 28px; height: 28px; display: block; }
-    .hero { padding: 72px 0 30px; }
-    .eyebrow {
-      display: inline-flex;
-      align-items: center;
-      padding: 6px 12px;
-      border-radius: 999px;
-      border: 1px solid rgba(34, 211, 238, 0.22);
-      background: rgba(34, 211, 238, 0.1);
-      color: var(--cyan);
-      text-transform: uppercase;
-      letter-spacing: 0.08em;
-      font-size: 12px;
-      font-weight: 700;
-    }
-    h1 {
-      max-width: 820px;
-      margin: 16px 0;
-      font-size: clamp(34px, 5vw, 58px);
-      line-height: 1.06;
-      letter-spacing: 0;
-    }
-    .hero p {
-      max-width: 760px;
-      color: var(--muted);
-      font-size: 18px;
-    }
-    .signal-row {
-      display: flex;
-      flex-wrap: wrap;
-      gap: 12px;
-      margin-top: 28px;
-    }
-    .signal-pill {
-      display: inline-flex;
-      align-items: center;
-      padding: 10px 14px;
-      border-radius: 999px;
-      border: 1px solid var(--line);
-      background: var(--bg-raised);
-      font-size: 14px;
-      font-weight: 650;
-    }
-    .signal-pill.good { color: #b8f7c8; border-color: rgba(74, 222, 128, 0.28); background: rgba(74, 222, 128, 0.1); }
-    .signal-pill.warn { color: #fde68a; border-color: rgba(251, 191, 36, 0.28); background: rgba(251, 191, 36, 0.1); }
-    .grid {
-      display: grid;
-      grid-template-columns: minmax(0, 2fr) minmax(290px, 1fr);
-      gap: 24px;
-      padding-bottom: 72px;
-    }
-    .card, .detail-section, .sidebar-card {
-      background: var(--bg-card);
-      border: 1px solid var(--line);
-      border-radius: 8px;
-    }
-    .card, .detail-section, .sidebar-card { padding: 24px; }
-    .detail-section { margin-bottom: 18px; }
-    .detail-section h2, .card h2, .sidebar-card h2 {
-      margin: 0 0 12px;
-      font-size: 24px;
-      letter-spacing: 0;
-    }
-    .detail-section p, .card p, .sidebar-card p, li { color: var(--muted); }
-    ul, ol { padding-left: 22px; }
-    li { margin: 8px 0; }
-    .checklist {
-      display: grid;
-      grid-template-columns: 1fr;
-      gap: 10px;
-      margin-top: 14px;
-    }
-    .check-item {
-      border: 1px solid var(--line);
-      border-radius: 8px;
-      background: var(--bg-raised);
-      padding: 14px 16px;
-    }
-    .check-item strong { display: block; color: var(--text); margin-bottom: 4px; }
-    .offer {
-      border-color: rgba(34, 211, 238, 0.4);
-      background: linear-gradient(180deg, rgba(34, 211, 238, 0.12), rgba(22, 22, 24, 1));
-    }
-    .cta-button, .secondary-button {
-      display: inline-flex;
-      align-items: center;
-      justify-content: center;
-      width: 100%;
-      margin-top: 14px;
-      padding: 12px 16px;
-      border-radius: 8px;
-      font-weight: 750;
-      text-align: center;
-      text-decoration: none;
-    }
-    .cta-button { background: var(--cyan); color: #061116; }
-    .quick-button { background: var(--green); color: #05130a; }
-    .secondary-button { border: 1px solid var(--line); color: var(--text); background: var(--bg-raised); }
-    .sidebar { display: flex; flex-direction: column; gap: 18px; }
-    .sidebar-card:first-child {
-      position: sticky;
-      top: 84px;
-      max-height: calc(100vh - 104px);
-      overflow-y: auto;
-    }
-    .related-card {
-      display: block;
-      padding: 14px;
-      border: 1px solid var(--line);
-      border-radius: 8px;
-      background: var(--bg-raised);
-      color: var(--text);
-      margin-top: 12px;
-    }
-    .related-label {
-      display: block;
-      color: var(--muted);
-      font-size: 12px;
-      text-transform: uppercase;
-      letter-spacing: 0.08em;
-      margin-bottom: 4px;
-    }
-    pre {
-      overflow-x: auto;
-      padding: 16px;
-      border-radius: 8px;
-      border: 1px solid var(--line);
-      background: #070708;
-      color: #d7f9ff;
-      line-height: 1.5;
-      white-space: pre-wrap;
-    }
-    .faq-item {
-      border-top: 1px solid var(--line);
-      padding: 14px 0;
-    }
-    .faq-item summary { cursor: pointer; font-weight: 650; }
-    .faq-item p { color: var(--muted); }
-    @media (max-width: 860px) {
-      .grid { grid-template-columns: 1fr; }
-      .sidebar-card:first-child { position: static; max-height: none; overflow: visible; }
-      .topbar .container { align-items: flex-start; gap: 10px; flex-direction: column; }
-    }
-  </style>
-  <script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "AI Agent Workflow Migration Checklist",
-  "description": "A practical checklist for moving from ad hoc AI coding agents to governed background-agent workflows with gates, evidence, ownership, and audit-ready controls.",
-  "about": [
-    "AI agent workflow migration",
-    "background agent governance",
-    "agent coding audit trail",
-    "software supply chain controls",
-    "AI coding agent rollout"
-  ],
-  "url": "https://thumbgate.ai/guides/ai-agent-workflow-migration-checklist",
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "mainEntityOfPage": "https://thumbgate.ai/guides/ai-agent-workflow-migration-checklist"
-}
-  </script>
-  <script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "FAQPage",
-  "mainEntity": [
-    {
-      "@type": "Question",
-      "name": "Why do AI agent workflow migrations fail?",
-      "acceptedAnswer": {
-        "@type": "Answer",
-        "text": "They usually fail when teams change the coding surface without mapping the surrounding gates, exceptions, approvals, ownership, evidence, and audit narrative."
-      }
-    },
-    {
-      "@type": "Question",
-      "name": "Is an SBOM enough for agent-generated code?",
-      "acceptedAnswer": {
-        "@type": "Answer",
-        "text": "No. SBOMs help inventory components, but agent workflows also need code-level attribution, review evidence, tool boundaries, and controls that prove who authorized the change."
-      }
-    },
-    {
-      "@type": "Question",
-      "name": "What does the $499 diagnostic produce?",
-      "acceptedAnswer": {
-        "@type": "Answer",
-        "text": "The diagnostic maps one real agent workflow, identifies unsafe gates and audit gaps, and returns a prioritized migration plan for enforceable controls."
-      }
-    }
-  ]
-}
-  </script>
-</head>
-<body>
-  <div class="topbar">
-    <div class="container">
-      <a class="brand" href="/"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span>ThumbGate</span></a>
-      <a href="/guides/ai-agent-governance-sprint">Workflow Hardening Sprint</a>
-    </div>
-  </div>
-
-  <main class="container">
-    <section class="hero">
-      <div class="eyebrow">checklist | agent workflow migration</div>
-      <h1>AI Agent Workflow Migration Checklist</h1>
-      <p>Most AI coding rollouts will not fail because the agent cannot write code. They will fail because the team never mapped the gates, exceptions, audit trail, ownership model, and review evidence before giving agents more surface area.</p>
-      <div class="signal-row">
-        <div class="signal-pill good">ThumbGate blocks repeat agent failures before execution</div>
-        <div class="signal-pill warn">Pro $19/mo or $149/yr. Team $49/seat/mo.</div>
-      </div>
-    </section>
-
-    <section class="grid">
-      <div>
-        <div class="card">
-          <h2>Why this matters now</h2>
-          <p>Software teams are moving from ad hoc assistant sessions into background agents, repo-level automation, and autonomous PR queues. That migration has the same hidden risk as SCA platform changes: the tool is visible, but the surrounding control system is where rollout risk lives.</p>
-          <p>If you cannot explain who approved the agent run, what it was allowed to touch, which gates fired, how ownership was attributed, and what evidence reached review, you do not have an agent workflow. You have a lucky transcript.</p>
-        </div>
-
-        <section class="detail-section">
-          <h2>The migration checklist</h2>
-          <div class="checklist">
-            <div class="check-item"><strong>1. Workflow owner</strong> Name the team and human owner for the agent workflow. No orphaned automations.</div>
-            <div class="check-item"><strong>2. Allowed surfaces</strong> Define repos, branches, directories, package files, infra files, secrets, generated assets, and production paths the agent may or may not touch.</div>
-            <div class="check-item"><strong>3. Context source of truth</strong> Capture the issue, ticket, plan, or prompt that authorized the run so reviewers see the original intent.</div>
-            <div class="check-item"><strong>4. Tool boundaries</strong> Separate read-only inspection, local file edits, shell commands, package installs, network calls, deploys, and GitHub mutations.</div>
-            <div class="check-item"><strong>5. Pre-action gates</strong> Block known-bad actions before execution: destructive git commands, unsafe prod edits, secret exposure, unreviewed dependency changes, and repeat failure patterns.</div>
-            <div class="check-item"><strong>6. Attribution evidence</strong> Record agent ID, model/tooling, branch, PR, changed files, dependency impact, CI result, and human feedback.</div>
-            <div class="check-item"><strong>7. Exception policy</strong> Track when a gate is overridden, who approved it, why it was safe, and when the exception expires.</div>
-            <div class="check-item"><strong>8. Review routing</strong> Route low-risk edits differently from protected branches, dependency/SBOM-sensitive files, auth, billing, data retention, and deployment code.</div>
-            <div class="check-item"><strong>9. Rollback path</strong> Define how to revert an agent change, disable the workflow, revoke credentials, and preserve evidence after an incident.</div>
-            <div class="check-item"><strong>10. Overhead budget</strong> Measure whether the agent reduces review load or just moves work into cleanup, duplicated PRs, and audit archaeology.</div>
-          </div>
-        </section>
-
-        <section class="detail-section">
-          <h2>Copy-paste audit prompt</h2>
-          <pre>Audit this AI agent workflow before we expand it.
-
-Map:
-- owner and approval source
-- allowed repos, branches, files, and commands
-- blocked actions and override rules
-- CI, review, and merge evidence
-- dependency, SBOM, secret, and production-touching paths
-- attribution gaps where the code can change without a durable reason
-- the first three ThumbGate pre-action checks we should enforce</pre>
-        </section>
-
-        <section class="detail-section">
-          <h2>Where ThumbGate fits</h2>
-          <p>ThumbGate turns repeated human feedback and CI failures into enforcement. The useful control is not another dashboard. It is a pre-action rule that stops the already-rejected mistake from happening again.</p>
-          <ul>
-            <li>Use ThumbGate locally to capture thumbs-up and thumbs-down feedback from real agent sessions.</li>
-            <li>Promote repeated failures into gates before risky commands, file writes, or PR actions.</li>
-            <li>Attach run evidence so reviewers can see what the agent attempted, what was blocked, and what still needs human judgment.</li>
-          </ul>
-        </section>
-
-        <section class="detail-section">
-          <h2>FAQ</h2>
-          <details class="faq-item">
-            <summary>Why do AI agent workflow migrations fail?</summary>
-            <p>They usually fail when teams change the coding surface without mapping the surrounding gates, exceptions, approvals, ownership, evidence, and audit narrative.</p>
-          </details>
-          <details class="faq-item">
-            <summary>Is an SBOM enough for agent-generated code?</summary>
-            <p>No. SBOMs help inventory components, but agent workflows also need code-level attribution, review evidence, tool boundaries, and controls that prove who authorized the change.</p>
-          </details>
-          <details class="faq-item">
-            <summary>What does the $499 diagnostic produce?</summary>
-            <p>The diagnostic maps one real agent workflow, identifies unsafe gates and audit gaps, and returns a prioritized migration plan for enforceable controls.</p>
-          </details>
-        </section>
-      </div>
-
-      <aside class="sidebar">
-        <div class="sidebar-card offer">
-          <h2>Start With One Failure</h2>
-          <p>Fastest paid path: send one repeated agent failure and get the likely prevention-rule shape plus proof check. Use the diagnostic when you want the whole workflow mapped.</p>
-          <a class="cta-button quick-button" href="https://buy.stripe.com/5kQ7sL76s1eSaK55e33sI2H?utm_source=background_agent_checklist&amp;utm_medium=landing_page&amp;utm_campaign=agent_workflow_migration&amp;utm_content=quick_read" target="_blank" rel="noopener">Pay $19 quick read</a>
-          <a class="secondary-button" href="https://buy.stripe.com/fZu28rfCY6zcbO99uj3sI2G?utm_source=background_agent_checklist&amp;utm_medium=landing_page&amp;utm_campaign=agent_workflow_migration&amp;utm_content=first_rule" target="_blank" rel="noopener">Pay $1 first rule</a>
-          <h2>$499 Agent Workflow Migration Diagnostic</h2>
-          <p>Send one real agent workflow. We map the control gaps, repeated-failure risks, review evidence, and first enforceable gates.</p>
-          <p><strong>Best fit:</strong> platform, security, OSPO, and engineering teams rolling out background agents or AI-assisted PR automation.</p>
-          <a class="cta-button" href="https://buy.stripe.com/00w14neyUcXA5pL5e33sI0e?utm_source=background_agent_checklist&amp;utm_medium=landing_page&amp;utm_campaign=agent_workflow_migration&amp;utm_content=diagnostic" target="_blank" rel="noopener">Pay $499 diagnostic</a>
-          <a class="secondary-button optional-payment-link" href="__PAYPAL_DIAGNOSTIC_CHECKOUT_URL__" target="_blank" rel="noopener">Pay $499 diagnostic with PayPal</a>
-          <h2>$__SNAPSHOT_PRICE_DOLLARS__ Snapshot</h2>
-          <p>Smallest paid proof: one repeated failure, the likely prevention-rule shape, and the proof check to run before a full Diagnostic.</p>
-          <a class="secondary-button optional-payment-link" href="__MOR_SNAPSHOT_CHECKOUT_URL__" target="_blank" rel="noopener">Buy $__SNAPSHOT_PRICE_DOLLARS__ snapshot via __MOR_PROVIDER__</a>
-          <a class="secondary-button" href="/?utm_source=background_agent_checklist&amp;utm_medium=landing_page&amp;utm_campaign=agent_workflow_migration&amp;utm_content=intake#workflow-sprint-intake">Send workflow first</a>
-        </div>
-
-        <div class="sidebar-card">
-          <h2>Related pages</h2>
-          <a class="related-card" href="/guides/background-agent-governance">
-            <span class="related-label">Related page</span>
-            <strong>Background Agent Governance for Agent PRs</strong>
-          </a>
-          <a class="related-card" href="/guides/ai-agent-governance-sprint">
-            <span class="related-label">Paid path</span>
-            <strong>AI Agent Governance Sprint</strong>
-          </a>
-          <a class="related-card" href="/guides/developer-machine-supply-chain-guardrails">
-            <span class="related-label">Related page</span>
-            <strong>Developer Machine Supply Chain Guardrails</strong>
-          </a>
-        </div>
-      </aside>
-    </section>
-  </main>
-  <script>
-    document.querySelectorAll('.optional-payment-link').forEach(function(link) {
-      var href = link.getAttribute('href') || '';
-      if (!href || href.indexOf('__') !== -1) {
-        link.hidden = true;
-        link.setAttribute('aria-hidden', 'true');
-      }
-    });
-  </script>
-</body>
-</html>