thumbgate 1.27.12 → 1.27.13

package/public/learn/agent-swarms-shared-gates.html

@@ -1,173 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Agent Swarms: One Gate Layer, Every Model — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Multi-agent swarms multiply repeated mistakes by the number of agents. A shared pre-action gate layer catches the mistake once and prevents it across every agent in the swarm.">
-<meta name="keywords" content="agent swarm, multi-agent system, agent swarm token cost, agent swarm shared memory, multi-model orchestration, MCP pre-action checks, ThumbGate">
-<meta property="og:title" content="Agent Swarms: One Gate Layer, Every Model">
-<meta property="og:description" content="Why multi-agent swarms need shared gates, not duplicated rules — and how a single MCP layer makes Opus, GPT, and Gemini fail the same way only once.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/agent-swarms-shared-gates">
-<link rel="canonical" href="https://thumbgate.ai/learn/agent-swarms-shared-gates">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "Agent Swarms: One Gate Layer, Every Model",
-  "description": "Multi-agent swarms multiply repeated mistakes by the number of agents. A shared pre-action gate layer prevents the same mistake across every agent in the swarm.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-05-18",
-  "dateModified": "2026-05-18",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/agent-swarms-shared-gates",
-  "about": [
-    {"@type": "Thing", "name": "agent swarm"},
-    {"@type": "Thing", "name": "multi-agent system"},
-    {"@type": "Thing", "name": "AI agent shared memory"}
-  ]
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
-  th, td { text-align: left; padding: 0.6rem 0.8rem; border-bottom: 1px solid var(--border); font-size: 0.9rem; }
-  th { color: var(--cyan); font-weight: 600; }
-  .mapping-row td:first-child { color: var(--green); font-weight: 500; }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / Agent Swarms: Shared Gates</div>
-  <h1>Agent Swarms: One Gate Layer, Every Model</h1>
-  <p style="color:var(--muted);">6 min read &middot; For teams running multi-agent systems across multiple LLMs</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> A 5-agent swarm without shared memory pays 5&times; the tokens on every repeated mistake. The fix is a single pre-action gate layer that every agent in the swarm consults before tool use — not 5 sets of prompt rules.</div>
-
-  <h2>The swarm token-cost problem</h2>
-  <p>Agent swarms route different parts of a task to different models — one model for front-end work, another for backend, a third for visual reasoning, a fourth for efficient bulk operations. The pitch is real: the right model for the right slice of work, in parallel.</p>
-  <p>The hidden cost is repetition. Each agent in the swarm has its own context window. When one agent makes a mistake — force-pushes to main, deletes a production file, paginates wrong against a rate-limited API — the other agents in the swarm have no idea. They are statistically likely to make the same mistake, because they were trained on the same internet and given the same prompt scaffolding.</p>
-
-  <div class="callout">
-    <strong>The math is unkind:</strong> with N agents and a recurring mistake class, you pay the token cost of that mistake N times per task instead of once. The fix is not better prompting. It is shared state below the agents.
-  </div>
-
-  <h2>Why prompt rules cannot solve this</h2>
-  <p>A natural reflex is to copy the same "do not force-push" rule into every agent's system prompt. This fails for three reasons:</p>
-
-  <ol>
-    <li><strong>Drift.</strong> Each agent's prompt evolves independently. After a few iterations, the rules diverge across the swarm without anyone noticing.</li>
-    <li><strong>Reasoning around.</strong> A long-context agent can rationalize an exception to a prompt rule. There is no enforcement layer to say no.</li>
-    <li><strong>No learning loop.</strong> When agent A makes a new mistake, agents B/C/D never find out. Each agent has to discover the same failure independently.</li>
-  </ol>
-
-  <h2>The shared-gate architecture</h2>
-  <p>The pattern that actually works is one gate layer that every agent consults before any tool call. The gate layer holds a single lesson database, a single set of prevention rules, and a single PreToolUse hook surface.</p>
-
-  <table>
-    <thead>
-      <tr>
-        <th>Concern</th>
-        <th>Per-agent prompt rules</th>
-        <th>Shared gate layer</th>
-      </tr>
-    </thead>
-    <tbody>
-      <tr class="mapping-row">
-        <td>New mistake caught once</td>
-        <td>Other agents still vulnerable</td>
-        <td>All agents protected immediately</td>
-      </tr>
-      <tr class="mapping-row">
-        <td>Rule consistency</td>
-        <td>Drifts across agents over time</td>
-        <td>Single source of truth on disk</td>
-      </tr>
-      <tr class="mapping-row">
-        <td>Enforcement</td>
-        <td>Best-effort — agent can override</td>
-        <td>Hard block at the tool boundary</td>
-      </tr>
-      <tr class="mapping-row">
-        <td>Token cost of repeated failures</td>
-        <td>N&times; per task (one per agent)</td>
-        <td>1&times; per task (gate refuses)</td>
-      </tr>
-    </tbody>
-  </table>
-
-  <h2>How ThumbGate implements this</h2>
-  <p>ThumbGate is a single MCP server with a PreToolUse hook. Every agent in the swarm — whether it speaks to Claude, GPT, Gemini, or any other model — issues tool calls through the same MCP layer. The hook fires once per tool call, regardless of which agent issued it.</p>
-
-  <p>Three concrete properties make this work in a swarm:</p>
-
-  <ul>
-    <li><strong>Single feedback directory.</strong> Point every agent at the same <code>.thumbgate/</code> on disk (or set the <code>THUMBGATE_FEEDBACK_DIR</code> environment variable). All lessons, gates, and feedback land in one place.</li>
-    <li><strong>Model-agnostic hook.</strong> The PreToolUse hook does not care which model produced the tool call. It pattern-matches against the call itself.</li>
-    <li><strong>Append-only feedback log.</strong> Concurrent thumbs-up/down captures from different agents are JSONL appends — no contention, no lock-out, no lost lessons.</li>
-  </ul>
-
-  <div class="callout callout-green">
-    <strong>The swarm becomes one learner.</strong> Agent A makes a mistake, you thumbs-down it, the gate is promoted. The next tool call from agent B, C, or D matching that pattern is blocked. You paid once for the lesson; every agent benefits.
-  </div>
-
-  <h2>What this does not solve</h2>
-  <p>Honesty matters here. A shared gate layer is not a swarm orchestrator. It does not route work between agents, decide which model is best for a subtask, or balance load. Those are the swarm framework's job.</p>
-  <p>What the gate layer does is make the swarm cheaper to operate by removing the most expensive failure mode: paying the same mistake-tax N times. If your swarm framework gives you concurrency and the gate layer gives you shared safety memory, the combination is what makes multi-agent systems economically viable for production work.</p>
-
-  <h2>Try it on your swarm</h2>
-  <p>If your swarm runs locally, point every agent at the same project directory:</p>
-
-  <pre><code>cd /path/to/your-project
-npx thumbgate init</code></pre>
-
-  <p>If your agents run as separate processes or containers, share the feedback dir via env var:</p>
-
-  <pre><code>export THUMBGATE_FEEDBACK_DIR=/shared/thumbgate
-# every agent in the swarm reads from and writes to this directory</code></pre>
-
-  <p>That is the entire integration. The gate layer is now in front of every tool call in the swarm, learning from feedback captured anywhere in the swarm.</p>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">One gate layer. Every model in your swarm.</h2>
-    <p>Works with Claude Code, Cursor, Codex, Gemini, Amp, OpenCode, and any MCP-compatible agent.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related articles</h3>
-    <a href="/learn/agent-harness-pattern">The Agent Harness Pattern: Why Your AI Needs a Seatbelt &rarr;</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
-    <a href="/learn/ai-agent-persistent-memory">AI Agent Persistent Memory: How It Works &rarr;</a>
-  </div>
-</div>
-
-
-  <div class="sticky-cta">
-    <span style="color:var(--muted)">Try it now:</span>
-    <code>npx thumbgate init</code>
-    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-  </div>
-</body>
-</html>

package/public/learn/agentic-enterprise-context-brain.html

@@ -1,117 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Agentic Enterprise Context Brain: Memory Plus Enforcement — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Enterprise agents need more than a context brain or memory stack. Learn how to connect facts, prior failures, approvals, evidence, and pre-action gates so AI agents stop repeating risky actions before they execute.">
-<meta name="keywords" content="agentic enterprise, enterprise AI agents, AI context brain, Memory OS, AI agent memory, pre-action gates, agent governance, AI agent enforcement">
-<meta property="og:title" content="Agentic Enterprise Context Brain: Memory Plus Enforcement">
-<meta property="og:description" content="A practical architecture for teams moving from agent memory to enforceable agent operations.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/agentic-enterprise-context-brain">
-<link rel="canonical" href="https://thumbgate.ai/learn/agentic-enterprise-context-brain">
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "Agentic Enterprise Context Brain: Memory Plus Enforcement",
-  "description": "Enterprise agents need more than a context brain or memory stack. Learn how to connect facts, prior failures, approvals, evidence, and pre-action gates so AI agents stop repeating risky actions before they execute.",
-  "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
-  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
-  "datePublished": "2026-06-03",
-  "dateModified": "2026-06-03",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/agentic-enterprise-context-brain",
-  "about": [
-    { "@type": "Thing", "name": "agentic enterprise" },
-    { "@type": "Thing", "name": "AI agent memory" },
-    { "@type": "Thing", "name": "pre-action gates" },
-    { "@type": "Thing", "name": "enterprise AI governance" }
-  ]
-}
-</script>
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .matrix { width: 100%; border-collapse: collapse; margin: 1rem 0 1.5rem; }
-  .matrix th, .matrix td { text-align: left; padding: 0.7rem 0.8rem; border-bottom: 1px solid var(--border); vertical-align: top; }
-  .matrix th { color: var(--cyan); font-weight: 600; }
-</style>
-</head>
-<body>
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / Agentic Enterprise Context Brain</div>
-  <h1>Agentic enterprise context brains need enforcement.</h1>
-  <p style="color:var(--muted);">7 min read &middot; For platform teams turning AI agents into controlled enterprise operators</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> Enterprise agents need shared context, but context alone does not stop a repeated bad action. The high-ROI architecture is a memory layer that promotes trusted failures, policies, approvals, and evidence into pre-action gates before agents touch code, money, data, or customer systems.</div>
-
-  <h2>The problem is not only fragmented context</h2>
-  <p>Enterprise agents fail when they lack context, but they also fail when they have context and still execute the wrong action. The first is a retrieval problem. The second is an enforcement problem.</p>
-  <p>Context-brain projects connect documents, tables, tickets, policies, prior runs, and chat history. That is useful. But if the output is only another prompt note, the agent can still miss it or reason around it.</p>
-
-  <div class="callout">
-    <strong>ThumbGate's thesis:</strong> The enterprise context brain should not only inform the agent. It should compile high-confidence lessons into checks that run before the next tool call.
-  </div>
-
-  <h2>Memory OS-style stacks are useful, but incomplete</h2>
-  <p>Layered memory systems with structured facts, trust scores, hybrid search, curated wikis, deduplication, and context injection reduce repeated explanation. The operational question is what happens after memory learns that an action caused harm.</p>
-  <p>If the answer is "inject another note into the prompt," memory stays advisory. If the answer is "block the matching action before execution," memory becomes governance.</p>
-
-  <table class="matrix">
-    <thead>
-      <tr><th>Layer</th><th>Memory-only outcome</th><th>ThumbGate outcome</th></tr>
-    </thead>
-    <tbody>
-      <tr><td>Facts</td><td>The agent recalls policies and prior incidents.</td><td>The same facts are available to gates, dashboards, and proof exports.</td></tr>
-      <tr><td>Trust</td><td>The agent sees source quality.</td><td>Low-trust facts cannot justify production changes without evidence.</td></tr>
-      <tr><td>Retrieval</td><td>The agent retrieves context before answering.</td><td>Relevant failed actions are checked before shell, file, git, API, deploy, or publish tools run.</td></tr>
-      <tr><td>Lessons</td><td>Lessons become readable documentation.</td><td>Repeated lessons promote into prevention rules with audit trails.</td></tr>
-      <tr><td>Context injection</td><td>The agent gets better instructions.</td><td>The runtime gets enforceable approvals, blocks, and logs.</td></tr>
-    </tbody>
-  </table>
-
-  <h2>The high-ROI implementation path</h2>
-  <ol>
-    <li><strong>Capture the failure:</strong> thumbs-down, failed test, rejected PR, incident note, or approval denial.</li>
-    <li><strong>Normalize the memory:</strong> strip ephemeral IDs, timestamps, temp paths, and session noise before promotion.</li>
-    <li><strong>Attach evidence:</strong> test logs, PR URLs, command output, screenshots, ticket IDs, and source hashes.</li>
-    <li><strong>Choose routing:</strong> block, pause for approval, warn, or log.</li>
-    <li><strong>Evaluate before action:</strong> run the gate before tool execution.</li>
-    <li><strong>Measure blocked repeats:</strong> report how often the system stopped the second bad action before execution.</li>
-  </ol>
-
-  <div class="callout callout-green">
-    <strong>Sales wedge:</strong> Sell "memory that blocks the repeat," not another RAG project. The proof metric is blocked repeat attempts before execution.
-  </div>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Turn enterprise memory into enforceable operations</h2>
-    <p>Start with one workflow, one repeated mistake, and one pre-action gate.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related articles</h3>
-    <a href="/learn/deterministic-agent-workflows">Deterministic Agent Workflows Need Runtime Gates &rarr;</a>
-    <a href="/learn/ai-agent-persistent-memory">AI Agent Persistent Memory: How It Works &rarr;</a>
-    <a href="/learn/background-agent-control-layer">Background Agents Need a Control Layer &rarr;</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
-  </div>
-</div>
-
-<div class="sticky-cta">
-  <span style="color:var(--muted)">Try it now:</span>
-  <code>npx thumbgate init</code>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-</div>
-</body>
-</html>

package/public/learn/agentic-os-team-governance.html

@@ -1,146 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Agentic OS Team Governance: Three Tiers Plus Gates — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="A team-ready Agentic OS needs human-editable knowledge, agent-operating files, git backup, permission mirroring, and memory scoping. ThumbGate adds pre-action gates and audit proof.">
-<meta name="keywords" content="Agentic OS, team AI operating system, Claude Code team setup, AI agent governance, human editable knowledge, RLS memory, pre-action gates, ThumbGate enterprise">
-<meta property="og:title" content="Agentic OS Team Governance: Three Tiers Plus Gates">
-<meta property="og:description" content="Separate human-editable knowledge, agent operating files, and git backup, then enforce permissions and memory scope before agents act.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/agentic-os-team-governance">
-<link rel="canonical" href="https://thumbgate.ai/learn/agentic-os-team-governance">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "Agentic OS Team Governance: Three Tiers Plus Gates",
-  "description": "A team-ready Agentic OS needs human-editable knowledge, agent-operating files, git backup, permission mirroring, and memory scoping. ThumbGate adds pre-action gates and audit proof.",
-  "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
-  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
-  "datePublished": "2026-06-03",
-  "dateModified": "2026-06-03",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/agentic-os-team-governance",
-  "about": [
-    { "@type": "Thing", "name": "Agentic OS" },
-    { "@type": "Thing", "name": "team AI governance" },
-    { "@type": "Thing", "name": "permission-scoped memory" },
-    { "@type": "Thing", "name": "pre-action gates" }
-  ]
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .matrix { width: 100%; border-collapse: collapse; margin: 1rem 0 1.5rem; }
-  .matrix th, .matrix td { text-align: left; padding: 0.7rem 0.8rem; border-bottom: 1px solid var(--border); vertical-align: top; }
-  .matrix th { color: var(--cyan); font-weight: 600; }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / Agentic OS Team Governance</div>
-  <h1>A team Agentic OS needs three tiers plus runtime gates.</h1>
-  <p style="color:var(--muted);">7 min read &middot; For founders and platform teams turning agent workflows into shared operating systems</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> A team-ready Agentic OS should separate human-editable source-of-truth files, agent-updated operating files, and git backup. That solves portability and collaboration. ThumbGate adds the missing enforcement: permission-mirrored gates, local overrides, scoped memory, and audit proof before agents execute.</div>
-
-  <h2>The three-tier architecture</h2>
-  <table class="matrix">
-    <thead>
-      <tr><th>Tier</th><th>What lives there</th><th>Governance requirement</th></tr>
-    </thead>
-    <tbody>
-      <tr><td>Human source of truth</td><td>Company rules, brand context, operating principles, client context, review standards.</td><td>Non-technical users can edit it, but changes must sync to a versioned backup.</td></tr>
-      <tr><td>Agent operating layer</td><td>Skills, prompts, MCP settings, workflow contracts, hooks, and executable agent instructions.</td><td>Agents can update it, but risky edits need pre-action checks and evidence.</td></tr>
-      <tr><td>Version control</td><td>Markdown exports, config files, skills, generated context packs, policy templates, and auditable changes.</td><td>Git becomes the backup and review trail; humans do not all need to touch it directly.</td></tr>
-    </tbody>
-  </table>
-
-  <div class="callout">
-    <strong>ThumbGate's role:</strong> Keep the Agentic OS portable in markdown and folders, then enforce who can use which memory, tools, paths, and client data before any tool call executes.
-  </div>
-
-  <h2>Where teams get hurt</h2>
-  <ul>
-    <li>Shared drive permissions and GitHub permissions drift apart, leaking client or internal context.</li>
-    <li>Agent-updated skills become invisible infrastructure that nobody reviews.</li>
-    <li>Local personal preferences accidentally commit into team instructions.</li>
-    <li>Central memory retrieval returns lessons from the wrong client or user scope.</li>
-    <li>The team has docs, but no runtime gate that stops an agent from breaking the policy anyway.</li>
-  </ul>
-
-  <h2>The ThumbGate implementation pattern</h2>
-  <ol>
-    <li><strong>Mirror permissions:</strong> store expected source-of-truth users, repo users, and client scopes in a machine-readable policy file.</li>
-    <li><strong>Protect local overrides:</strong> allow <code>*.local.md</code> for personal preferences and ensure those files are ignored, never synced or exported.</li>
-    <li><strong>Scope memory:</strong> local-only memory for individuals; shared Postgres or hosted team memory only when row-level scope is explicit.</li>
-    <li><strong>Gate agent-operating files:</strong> edits to skills, MCP config, hooks, workflow contracts, and source-of-truth exports require evidence or approval.</li>
-    <li><strong>Version the OS:</strong> markdown exports, skills, and policies should be git-reviewable even when non-technical teammates edit the upstream source.</li>
-  </ol>
-
-  <h2>Team policy contract</h2>
-  <div class="callout">
-<pre><code>{
-  "client_scope": "acme",
-  "source_of_truth": ["Google Drive", "Notion"],
-  "version_backup": "github.com/company/acme-agentic-os",
-  "local_overrides": ["CLAUDE.local.md", "AGENTS.local.md"],
-  "protected_paths": [".agents/skills/**", ".mcp.json", "AGENTS.md"],
-  "memory_scope": {
-    "mode": "shared",
-    "requires_rls": true,
-    "filter_keys": ["client_id", "user_id", "workspace_id"]
-  },
-  "required_evidence": ["permission_diff", "git_diff", "sync_log"]
-}</code></pre>
-  </div>
-
-  <p>That contract can feed ThumbGate's task scope and workflow gates. If an agent tries to edit a protected operating file, access the wrong client memory, or publish a sync without evidence, the gate blocks or pauses the action before execution.</p>
-
-  <h2>High-ROI product work</h2>
-  <ul>
-    <li><strong>Agentic OS audit command:</strong> inspect markdown tiers, local override ignores, protected agent files, and sync evidence.</li>
-    <li><strong>Permission mirror report:</strong> compare declared drive/editor access to repo and hosted-memory access.</li>
-    <li><strong>Memory-scope gate:</strong> warn on local-only teams trying to share memory; block shared stores without client/user scope.</li>
-    <li><strong>Operating-file gate template:</strong> protect skills, MCP config, hooks, workflow contracts, and source-of-truth exports by default.</li>
-  </ul>
-
-  <div class="callout callout-green">
-    <strong>Enterprise wedge:</strong> "Bring your Notion, Drive, GitHub, and agents. ThumbGate verifies the boundaries before the Agentic OS acts."
-  </div>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Audit one team Agentic OS</h2>
-    <p>Start with one client scope, one source-of-truth folder, and one repo-backed agent operating layer.</p>
-    <div class="cta-install">$ npx thumbgate agentic-os-audit --check</div>
-  </div>
-
-  <div class="related">
-    <h3>Related articles</h3>
-    <a href="/learn/codex-role-plugins-need-governance">Codex Role Plugins Need Pre-Action Governance &rarr;</a>
-    <a href="/learn/agentic-enterprise-context-brain">Agentic Enterprise Context Brain &rarr;</a>
-    <a href="/learn/deterministic-agent-workflows">Deterministic Agent Workflows Need Runtime Gates &rarr;</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
-  </div>
-</div>
-
-<div class="sticky-cta">
-  <span style="color:var(--muted)">Try it now:</span>
-  <code>npx thumbgate init --team</code>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-</div>
-</body>
-</html>

package/public/learn/ai-agent-governance.html

@@ -1,158 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>AI Agent Governance — The Four Layers and Where ThumbGate Fits</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="AI agent governance has four layers: prompt rules, decorator wrappers, pre-action hooks, sandbox isolation. Pick the layer that matches your stack — and understand why prompt rules alone fail.">
-<meta name="keywords" content="AI agent governance, runtime governance, pre-action hooks, agent policy enforcement, agent decorator, ThumbGate, agent sandbox, Claude Code governance">
-<meta property="og:title" content="AI Agent Governance — The Four Layers Pattern">
-<meta property="og:description" content="Four governance layers exist for AI agents. Each catches a different failure mode. Picking the right one is the whole game.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/ai-agent-governance">
-<link rel="canonical" href="https://thumbgate.ai/learn/ai-agent-governance">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "AI Agent Governance — The Four Layers and Where ThumbGate Fits",
-  "description": "AI agent governance breaks into four layers: prompt rules, decorator wrappers, pre-action hooks, and sandbox isolation. Each catches a different failure mode; picking the right one for your stack is the whole game.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-05-15",
-  "dateModified": "2026-05-15",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/ai-agent-governance"
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  .layers { display: grid; grid-template-columns: 1fr; gap: 12px; margin: 1.5rem 0; }
-  .layer { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem 1.25rem; }
-  .layer h3 { margin-top: 0; }
-  .layer .where { color: var(--muted); font-size: 0.9rem; margin-bottom: 0.5rem; }
-  .layer .catches { color: var(--green); font-weight: 600; font-size: 0.9rem; }
-  .layer .misses { color: var(--red); font-weight: 600; font-size: 0.9rem; }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/pricing">Pricing</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / AI Agent Governance</div>
-  <h1>AI Agent Governance</h1>
-  <p style="color:var(--muted);">6 min read · For teams choosing where to enforce agent behavior</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> AI agent governance has four layers — prompt rules, decorator wrappers, pre-action hooks, and sandbox isolation. Each catches a different class of failure. Prompt rules alone fail because they live inside the agent's context and get evicted under pressure. The layer you actually need depends on whether your stakes are per-call (decorator), per-tool (hook), or per-process (sandbox).</div>
-
-  <h2>What "governance" actually means here</h2>
-  <p>The dominant failure mode of agent frameworks isn't that the agent picked the wrong next step in isolation — it's that the agent took an action you can't undo. Dropped a production table. Force-pushed over a colleague's commit. Wrote credentials to a public log file. Installed a package the team had already rejected.</p>
-  <p>Governance is the layer of code that decides whether an action is allowed <em>before</em> the action runs. The post-hoc audit log is forensics; governance is prevention.</p>
-
-  <h2>The four layers</h2>
-
-  <div class="layers">
-    <div class="layer">
-      <h3>1. Prompt-level rules</h3>
-      <div class="where">Lives in <code>CLAUDE.md</code>, <code>.cursorrules</code>, system prompt, AGENTS.md.</div>
-      <p>Tell the agent what not to do. Cheap, fast, expressive.</p>
-      <p class="catches">Catches: stylistic and intent-level mistakes the agent can recognize.</p>
-      <p class="misses">Misses: anything the agent forgets when context pressure compresses the early instructions out. Misses every action the agent doesn't categorize as "rule-relevant" at decision time.</p>
-    </div>
-
-    <div class="layer">
-      <h3>2. Decorator wrappers</h3>
-      <div class="where">In-process wrapper around the agent's tool functions. Examples: Rein (Python), function decorators in LangChain-style frameworks.</div>
-      <p>Wrap the function. The wrapper checks a policy before forwarding the call to the underlying tool.</p>
-      <p class="catches">Catches: actions through the wrapped function path. Per-call policy enforcement. Audit-trail capture.</p>
-      <p class="misses">Misses: actions that bypass the wrapped function — direct subprocess calls, raw HTTP requests, plugins that skip the framework's tool registry.</p>
-    </div>
-
-    <div class="layer">
-      <h3>3. Pre-action hooks</h3>
-      <div class="where">Out-of-process intercept at the agent runtime's tool-call boundary. Examples: MCP PreToolUse hooks, Claude Code hooks, ThumbGate.</div>
-      <p>The hook runs in a separate process from the agent. The agent emits a tool-call intent; the hook accepts, rejects, or transforms it before the tool itself sees it.</p>
-      <p class="catches">Catches: every tool call the agent runtime mediates. Works across agent CLIs (Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode). Survives context-eviction because the hook is not in the agent's context.</p>
-      <p class="misses">Misses: actions taken by tools the runtime doesn't know about (e.g., a sub-process opening its own network socket after the initial allowed call).</p>
-    </div>
-
-    <div class="layer">
-      <h3>4. Sandbox isolation</h3>
-      <div class="where">OS- or VM-level isolation. Examples: Docker / microVMs / seccomp / AppArmor / macOS sandbox profiles.</div>
-      <p>The agent runs inside a sandboxed environment that physically cannot reach production data, the host filesystem outside the project, or arbitrary network endpoints.</p>
-      <p class="catches">Catches: every action the agent might try, including ones the agent runtime doesn't even know about. Last-line defense.</p>
-      <p class="misses">Misses: nothing at the boundary, but operationally heavy. Requires sandbox-friendly tools, controlled mounts, and a usability cost — the agent can't reach things it legitimately needs without explicit grants.</p>
-    </div>
-  </div>
-
-  <h2>Why prompt rules alone fail</h2>
-  <p>Prompt rules live inside the agent's context. Context is finite. As the conversation grows, the early-system instructions are the first thing to lose attention weight when the model decides what to compress. By the time the agent is on hour two of a session, the <code>CLAUDE.md</code> rule that said "never force-push to main" may not even be in the active reasoning frame.</p>
-  <p>Decorator wrappers, pre-action hooks, and sandbox isolation all live <em>outside</em> the agent's context. They cannot be reasoned around by a model under context pressure — they're not part of the model's input at all.</p>
-
-  <div class="callout callout-green">
-    <strong>Mental model:</strong> Prompt rules are speed limit signs. Decorators are speed bumps. Pre-action hooks are physical barriers at the intersection. Sandbox isolation is a chain-link fence around the whole street.
-  </div>
-
-  <h2>Where ThumbGate fits</h2>
-  <p>ThumbGate runs at layer 3 — pre-action hooks. The hook process intercepts tool calls from Claude Code, Cursor, Codex, Gemini, Amp, Cline, and OpenCode before they fire. Three things make this layer worth the engineering minutes:</p>
-  <ul>
-    <li><strong>Context-eviction immunity.</strong> The hook runs in a different process. The agent can compress, forget, or hallucinate away the rule, and the rule still fires.</li>
-    <li><strong>Cross-agent portability.</strong> One installation, every agent runtime the team uses. The rule "no force-push to main" applies whether today's session is Claude Code or Cursor.</li>
-    <li><strong>Learning loop.</strong> When you give the agent a thumbs-down on a session-time mistake, the feedback becomes a structured prevention rule that auto-fires the next time the same pattern shows up. No policy-authoring step — the operator's correction <em>is</em> the policy.</li>
-  </ul>
-
-  <h2>Picking the layer that matches your stack</h2>
-
-  <ul>
-    <li><strong>If you're writing prompt rules and they "work most of the time":</strong> add a hook layer. Most of the failures you've already absorbed are this category.</li>
-    <li><strong>If you're a Python production app in a regulated domain:</strong> a decorator-level governance layer (e.g. Rein) is the right tradeoff. Per-call stakes are high enough to justify the integration cost.</li>
-    <li><strong>If you're running AI coding agents (Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode):</strong> hook-level governance is the right layer. Your tool-call volume is high; per-call stakes are mixed; learning from feedback dominates.</li>
-    <li><strong>If you're running agents on untrusted code or data:</strong> stack a sandbox layer on top. Hook + sandbox is the strongest combination.</li>
-  </ul>
-
-  <p>These layers are not mutually exclusive. A real production setup typically combines them: prompt rules at the top for intent, a hook layer for tool-call enforcement, a sandbox at the bottom for blast radius.</p>
-
-  <h2>The honest constraint</h2>
-
-  <p>No governance layer is correct if the rules you encode in it are wrong. Layers 2, 3, and 4 enforce policy; they don't generate it. The hard part of governance has never been the enforcement boundary — it's <em>knowing what the agent will get wrong before the agent gets it wrong</em>. That's why ThumbGate emphasizes the feedback loop: most teams can't write the rule until they've watched the agent fail in their codebase. The thumbs-down is the rule's origin.</p>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Pick the layer. Install it once. Move on.</h2>
-    <p>For AI coding agents, the hook layer is where the leverage is. ThumbGate ships as <code>npx thumbgate init</code> and is MIT-licensed at the core.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related guides</h3>
-    <a href="/compare/rein">ThumbGate vs Rein — different layer, different stack →</a>
-    <a href="/learn/spec-driven-development">Spec-Driven Development for AI Agents →</a>
-    <a href="/learn/vibe-coding-safety-net">The Vibe Coding Safety Net You Are Missing →</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained →</a>
-  </div>
-</div>
-
-
-  <div class="sticky-cta">
-    <span style="color:var(--muted)">Try it now:</span>
-    <code>npx thumbgate init</code>
-    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-  </div>
-</body>
-</html>