thumbgate 1.27.12 → 1.27.14

package/public/learn/ai-agent-persistent-memory.html

@@ -1,211 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>How to Give Your AI Coding Agent Persistent Memory Across Sessions — ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="AI coding agents forget everything when a session ends. Learn how to give Claude Code, Cursor, Codex, and Gemini persistent memory using an MCP memory server that survives restarts.">
-<meta name="keywords" content="ai agent memory, persistent memory, claude code memory, cursor agent memory, MCP memory server, session persistence, agent context, episodic memory, semantic memory">
-<meta property="og:title" content="How to Give Your AI Coding Agent Persistent Memory Across Sessions">
-<meta property="og:description" content="Context windows are ephemeral. Real memory persists. Here is how to build durable memory for any MCP-compatible AI coding agent.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/ai-agent-persistent-memory">
-<link rel="canonical" href="https://thumbgate.ai/learn/ai-agent-persistent-memory">
-
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "How to Give Your AI Coding Agent Persistent Memory Across Sessions",
-  "description": "AI coding agents forget everything when a session ends. Learn how to give Claude Code, Cursor, Codex, and Gemini persistent memory using an MCP memory server that survives restarts.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-04-02",
-  "dateModified": "2026-04-02",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/ai-agent-persistent-memory",
-  "about": [
-    {"@type": "Thing", "name": "ai agent memory"},
-    {"@type": "Thing", "name": "persistent memory"},
-    {"@type": "Thing", "name": "MCP memory server"},
-    {"@type": "Thing", "name": "session persistence"}
-  ]
-}
-</script>
-
-<link rel="stylesheet" href="/learn/learn.css">
-<style>
-  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
-  th, td { text-align: left; padding: 0.6rem 0.8rem; border-bottom: 1px solid var(--border); font-size: 0.9rem; }
-  th { color: var(--cyan); font-weight: 600; }
-  .memory-row td:first-child { color: var(--green); font-weight: 500; }
-</style>
-</head>
-<body>
-
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / AI Agent Persistent Memory</div>
-  <h1>How to Give Your AI Coding Agent Persistent Memory Across Sessions</h1>
-  <p style="color:var(--muted);">6 min read &middot; For developers using Claude Code, Cursor, Codex, or Gemini who are tired of re-explaining context every session</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> Your AI agent forgets everything between sessions. Give it a SQLite+FTS5 memory that stores lessons, retrieves relevant context, and blocks known-bad actions automatically.</div>
-
-  <h2>The problem: agents forget everything when you close the tab</h2>
-  <p>You spend twenty minutes explaining your codebase to your AI coding agent. You tell it about the monorepo structure, the deployment conventions, the one branch it must never force-push to. The session ends. You come back tomorrow and it has no memory of any of it.</p>
-  <p>You are not doing anything wrong. This is how context windows work. Every session starts with a blank slate. The agent has no continuity of experience — no record of past mistakes, no accumulated knowledge of your project, no recollection of the rules you established last week.</p>
-  <p>The frustration is real and widespread. Developers using Claude Code, Cursor, Codex, and Gemini all hit the same wall. The agents are capable — they just cannot remember.</p>
-
-  <div class="callout">
-    <strong>The distinction that matters:</strong> A context window holds information for one session. Memory holds information across sessions. Most agents have the former. Almost none have the latter by default.
-  </div>
-
-  <h2>Why context windows are not memory</h2>
-  <p>Context windows are large and getting larger. That solves a different problem. A big context window means the agent can reason over more information at once within a single session. It does not mean that information survives when the session ends.</p>
-  <p>Think of the difference this way: a context window is RAM — fast, capacious, gone when the power cuts. Memory is disk — slower to query, but persistent. You need both. Right now, AI coding agents only ship with RAM.</p>
-  <p>The consequences compound over time. An agent with no persistent memory will:</p>
-  <ul>
-    <li>Repeat mistakes it made last week because it has no record of them</li>
-    <li>Re-ask you for project conventions it has already learned once</li>
-    <li>Ignore prevention rules you painstakingly wrote into a prompt — because that prompt is gone</li>
-    <li>Treat every session as if it is the first day on the job</li>
-  </ul>
-  <p>Stuffing facts into a <code>CLAUDE.md</code> file helps, but it is a manual workaround. You are the memory. You remember what to put in the file. You update it when things change. That is not a solution — it is delegation of a machine problem back to a human.</p>
-
-  <div class="callout callout-red">
-    <strong>The hidden cost:</strong> Re-explaining context is not just annoying. Every token you spend re-establishing what the agent already knew is a token not spent on the actual task. And re-explained rules are still just prompt rules — the agent can reason around them.
-  </div>
-
-  <h2>Three types of agent memory</h2>
-  <p>Cognitive science distinguishes several memory types. The same taxonomy maps cleanly onto what AI coding agents need. Here is how each type works and what it looks like in practice:</p>
-
-  <table>
-    <thead>
-      <tr>
-        <th>Memory Type</th>
-        <th>What It Stores</th>
-        <th>Concrete Example</th>
-      </tr>
-    </thead>
-    <tbody>
-      <tr class="memory-row">
-        <td>Episodic</td>
-        <td>Records of specific past events — what happened, when, and what the outcome was</td>
-        <td>The agent tried to force-push to main. You gave thumbs-down. That event is stored with context, timestamp, and failure description.</td>
-      </tr>
-      <tr class="memory-row">
-        <td>Semantic</td>
-        <td>Generalised knowledge extracted from episodes — rules, patterns, facts about the world</td>
-        <td>From multiple thumbs-down events, the system derives: "force-pushing to main causes broken deploys in this repo." That becomes a prevention rule.</td>
-      </tr>
-      <tr class="memory-row">
-        <td>Procedural</td>
-        <td>Encoded behaviours — checks that fire before actions without requiring the agent to reason about them</td>
-        <td>A PreToolUse hook that checks every <code>git push</code> command against the prevention rule and blocks the dangerous pattern automatically.</td>
-      </tr>
-    </tbody>
-  </table>
-
-  <p>Most "persistent memory" proposals for AI agents stop at episodic: they store a log of past conversations. That is useful, but insufficient. The signal gets diluted in a sea of raw events. What agents need is the full pipeline: episodes promote to semantic rules, semantic rules compile into procedural checks.</p>
-
-  <h2>How ThumbGate implements persistent memory</h2>
-  <p>ThumbGate is built around this three-tier memory architecture. Here is each layer in concrete terms.</p>
-
-  <h3>Episodic layer: the feedback log</h3>
-  <p>Every thumbs-up or thumbs-down you give an agent action is written to a structured feedback log. Each entry captures the tool call that was made, the context at the time, what worked or went wrong, and any tags you add. The log is append-only and survives across sessions.</p>
-  <p>In the current Claude auto-capture hook, a vague thumbs-down can borrow up to 8 prior recorded entries plus the failed tool call before promotion. Accepted feedback also opens a linked 60-second follow-up session so later corrections stay attached to the same memory trace instead of fragmenting into duplicates.</p>
-
-  <pre><code># Thumbs-down: record a specific failure
-node .claude/scripts/feedback/capture-feedback.js \
-  --feedback=down \
-  --context="deploying to production" \
-  --what-went-wrong="agent ran db migration without backup" \
-  --what-to-change="always checkpoint before schema changes" \
-  --tags="database,migrations,safety"</code></pre>
-
-  <p>You do not need to write this manually for every interaction. The MCP server captures tool calls automatically. Manual feedback is for adding nuance that the agent could not observe on its own.</p>
-
-  <h3>Semantic layer: the lesson database</h3>
-  <p>Raw feedback events are processed into a SQLite database with full-text search (FTS5). This is not a flat file — it is a queryable knowledge store. When a new session starts, the system retrieves lessons relevant to the current task by similarity, not by recency.</p>
-  <p>The FTS5 index means retrieval is fast even as the database grows. You are not loading the entire history into context. You are loading the lessons most likely to matter right now. That is the difference between a knowledge base and a memory dump.</p>
-
-  <h3>Procedural layer: prevention rules and checks</h3>
-  <p>Promoted lessons generate prevention rules in <code>prevention-rules.md</code>. Rules are not prompt instructions — they are checked by a PreToolUse hook that fires before every tool call. The agent cannot reason around a check. The check runs outside the agent's context.</p>
-
-  <div class="callout callout-green">
-    <strong>The promotion pipeline:</strong> Thumbs-down event &rarr; feedback log entry &rarr; lesson promoted to SQLite &rarr; prevention rule generated &rarr; PreToolUse check active for every future session, with no additional setup.
-  </div>
-
-  <h2>Thompson Sampling for memory-informed decisions</h2>
-  <p>Not every prevention rule has the same confidence level. A rule derived from one thumbs-down event is weaker than a rule reinforced by a dozen. ThumbGate uses Thompson Sampling — a multi-armed bandit algorithm — to handle this uncertainty.</p>
-  <p>For each check, the system maintains a Beta distribution over outcomes. As thumbs-up and thumbs-down feedback accumulates, the distribution tightens. A check with high confidence becomes a hard block. A check still gathering signal issues a warning and lets the agent reconsider.</p>
-  <p>This matters for memory because it means the system learns your preferences rather than requiring you to manually tune thresholds. You give feedback. The check calibrates. The agent adapts.</p>
-  <p>Thompson Sampling also prevents over-blocking. If a pattern that was once dangerous stops being a problem — because the codebase changed, or you updated your workflow — thumbs-up feedback on future calls will widen the distribution back toward allowing. Memory is not one-way.</p>
-
-  <h2>Setup: persistent memory in two minutes</h2>
-  <p>ThumbGate ships as an MCP server. Any agent that speaks MCP — Claude Code, Cursor, Codex, Gemini, Amp, OpenCode — can connect to it. You initialize once and the memory layer is active for every subsequent session.</p>
-
-  <pre><code>npx thumbgate init</code></pre>
-
-  <p>That command sets up:</p>
-  <ul>
-    <li>The SQLite+FTS5 lesson database in <code>.claude/memory/</code></li>
-    <li>The feedback log at <code>.claude/memory/feedback/feedback-log.jsonl</code></li>
-    <li>Prevention rules at <code>.claude/memory/feedback/prevention-rules.md</code></li>
-    <li>A PreToolUse hook that reads checks on every tool call</li>
-    <li>The MCP server adapter for your agent runtime</li>
-  </ul>
-
-  <p>After init, your agent starts each session with context assembled from relevant past lessons. It does not start blank. It starts informed.</p>
-
-  <h3>What memory looks like on day one vs. day thirty</h3>
-  <p>On day one, the database is empty. The agent behaves the same as it always has. You give feedback on its actions.</p>
-  <p>By day thirty, the database has accumulated dozens of lessons. The agent's context at session start includes the most relevant ones. Prevention rules have tightened around patterns that caused problems. Patterns that worked have been reinforced. The agent makes fewer mistakes — not because it was retrained, but because the checks learned from your feedback.</p>
-  <p>That is persistent memory in practice: not a bigger context window, not a longer system prompt, but a feedback loop that accumulates signal and converts it into durable enforcement.</p>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Give your agent memory that survives restarts</h2>
-    <p>One command. Works with Claude Code, Cursor, Codex, Gemini, Amp, and any MCP-compatible agent.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-    <div class="cta-actions" aria-label="Paid ThumbGate options">
-      <a class="cta-link" href="/checkout/pro?utm_source=learn&amp;utm_medium=persistent_memory_article&amp;utm_campaign=memory_to_pro&amp;cta_id=learn_persistent_memory_pro&amp;cta_placement=article_cta&amp;plan_id=pro&amp;billing_cycle=monthly">Get Pro — $19/mo or $149/yr</a>
-      <a class="cta-link cta-link-secondary" rel="nofollow noopener noreferrer" target="_blank" href="https://buy.stripe.com/00w14neyUcXA5pL5e33sI0e">Pay $499 diagnostic</a>
-      <a class="cta-link cta-link-secondary" href="/#workflow-sprint-intake">Send workflow first</a>
-    </div>
-    <p style="font-size:0.85rem;margin-top:0.9rem;">Free is enough for a solo proof. Pro adds dashboard, recall, lesson search, unlimited captures/rules, and DPO export. Use the diagnostic when a team needs a workflow review before rollout.</p>
-  </div>
-
-  <div class="related">
-    <h3>Related articles</h3>
-    <a href="/learn/agent-harness-pattern">The Agent Harness Pattern: Why Your AI Needs a Seatbelt &rarr;</a>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
-    <a href="/learn/stop-ai-agent-force-push">How to Stop AI Agents From Force-Pushing to Main &rarr;</a>
-    <a href="/learn/vibe-coding-safety-net">The Vibe Coding Safety Net You Are Missing &rarr;</a>
-  </div>
-</div>
-
-
-  <div class="sticky-cta">
-    <span style="color:var(--muted)">Try it now:</span>
-    <code>npx thumbgate init</code>
-    <a href="/checkout/pro?utm_source=learn&amp;utm_medium=sticky&amp;utm_campaign=memory_to_pro&amp;cta_id=learn_persistent_memory_sticky_pro&amp;cta_placement=sticky&amp;plan_id=pro&amp;billing_cycle=monthly">Pro &rarr;</a>
-    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-  </div>
-<script src="/js/buyer-intent.js"></script>
-</body>
-</html>

package/public/learn/anthropomorphic-claim-gates.html

@@ -1,180 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Anthropomorphic Claim Gates for AI Agents — ThumbGate</title>
-<meta name="description" content="How ThumbGate turns AI anthropomorphism research into a pre-action claim gate: do not let agents claim models understand, know, decide, or act human-like without measurement criteria and evidence.">
-<link rel="canonical" href="https://thumbgate.ai/learn/anthropomorphic-claim-gates">
-<link rel="llm-context" href="/llm-context.md" type="text/markdown">
-<link rel="icon" type="image/png" href="/thumbgate-icon.png">
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta property="og:title" content="Anthropomorphic Claim Gates for AI Agents">
-<meta property="og:description" content="Stop agents from smuggling human-like claims into production decisions without explicit measurement criteria and evidence.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/anthropomorphic-claim-gates">
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "Anthropomorphic Claim Gates for AI Agents",
-  "description": "A ThumbGate implementation pattern for blocking unsupported human-like or cognitive claims about AI systems until explicit measurement criteria and evidence are attached.",
-  "datePublished": "2026-06-20",
-  "dateModified": "2026-06-20",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "about": [
-    "AI agent governance",
-    "claim verification",
-    "anthropomorphism",
-    "pre-action gates"
-  ],
-  "url": "https://thumbgate.ai/learn/anthropomorphic-claim-gates"
-}
-</script>
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "FAQPage",
-  "mainEntity": [
-    {
-      "@type": "Question",
-      "name": "What is an anthropomorphic claim gate?",
-      "acceptedAnswer": {
-        "@type": "Answer",
-        "text": "It is a pre-action check that blocks claims such as an AI agent understands, knows, decides, wants, or behaves human-like until the operator records explicit measurement criteria and evidence."
-      }
-    },
-    {
-      "@type": "Question",
-      "name": "Why does this matter for AI agent governance?",
-      "acceptedAnswer": {
-        "@type": "Answer",
-        "text": "Unsupported cognitive claims can make teams over-trust an agent. ThumbGate turns those claims into verifiable gates before they influence production actions, audits, or buyer promises."
-      }
-    }
-  ]
-}
-</script>
-<style>
-  *, *::before, *::after { box-sizing: border-box; }
-  body {
-    margin: 0;
-    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
-    background: #0a0a0b;
-    color: #ececf0;
-    line-height: 1.65;
-  }
-  nav {
-    display: flex;
-    gap: 22px;
-    align-items: center;
-    padding: 16px 28px;
-    border-bottom: 1px solid #242428;
-  }
-  nav a { color: #a7a7b1; text-decoration: none; font-size: 0.95rem; }
-  nav a:hover { color: #22d3ee; }
-  .brand { color: #fff; font-weight: 700; display: inline-flex; gap: 8px; align-items: center; }
-  .brand img { width: 28px; height: 28px; }
-  main { max-width: 860px; margin: 0 auto; padding: 48px 22px 72px; }
-  h1 { font-size: clamp(2rem, 5vw, 3.6rem); line-height: 1.05; margin: 0 0 18px; max-width: 760px; }
-  h2 { color: #22d3ee; font-size: 1.45rem; margin: 42px 0 14px; }
-  p { margin: 0 0 16px; color: #d6d6de; }
-  a { color: #67e8f9; }
-  .lede { color: #a7a7b1; font-size: 1.15rem; max-width: 720px; }
-  .callout {
-    margin: 30px 0;
-    border: 1px solid #303039;
-    background: #151518;
-    border-radius: 8px;
-    padding: 22px;
-  }
-  .grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 18px; margin: 24px 0; }
-  .card {
-    border: 1px solid #26262c;
-    background: #111114;
-    border-radius: 8px;
-    padding: 18px;
-  }
-  .card strong { display: block; margin-bottom: 8px; color: #fff; }
-  code, pre {
-    font-family: "SF Mono", "Cascadia Code", "JetBrains Mono", Consolas, monospace;
-  }
-  pre {
-    overflow-x: auto;
-    background: #050506;
-    border: 1px solid #25252a;
-    border-radius: 8px;
-    padding: 18px;
-    color: #d7f9ff;
-  }
-  .source-note { color: #8f8f99; font-size: 0.92rem; }
-  .cta {
-    display: inline-block;
-    margin-top: 16px;
-    padding: 11px 18px;
-    border-radius: 8px;
-    background: #22d3ee;
-    color: #031114;
-    text-decoration: none;
-    font-weight: 700;
-  }
-  @media (max-width: 720px) {
-    nav { padding: 14px 18px; gap: 14px; flex-wrap: wrap; }
-    main { padding-top: 32px; }
-    .grid { grid-template-columns: 1fr; }
-  }
-</style>
-</head>
-<body>
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" width="28" height="28">ThumbGate</a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/compare/databricks-unity-ai-gateway">Databricks comparison</a>
-</nav>
-<main>
-  <h1>Anthropomorphic claim gates for AI agents</h1>
-  <p class="lede">A model may produce useful work. That does not mean it understands, knows, decides, wants, or behaves human-like. ThumbGate now treats those phrases as claims that need measurement criteria before they can influence a production decision.</p>
-
-  <div class="callout">
-    <p><strong>The high-ROI lesson:</strong> stop debating whether the agent is smart. Gate the claim. If an operator or agent says an AI system has a human-like attribute, require a tested attribute, interface/substrate context, evaluator, and evidence before accepting the statement.</p>
-    <p class="source-note">Research anchor: Adrian de Wynter's arXiv paper, <a href="https://arxiv.org/abs/2605.31514" rel="noopener">If LLMs Have Human-Like Attributes, Then So Does Age of Empires II</a>. A public X post by Rohan Paul surfaced the paper as a reminder to avoid treating LLMs as human-like without clear tests and narrower claims.</p>
-  </div>
-
-  <h2>What changes in ThumbGate</h2>
-  <p>ThumbGate's default claim-verification config now includes an anthropomorphic AI claim gate. It catches unsupported statements like:</p>
-  <div class="grid">
-    <div class="card"><strong>Blocked without evidence</strong> "The agent understands the user's intent."</div>
-    <div class="card"><strong>Blocked without evidence</strong> "The model decided this was safe."</div>
-    <div class="card"><strong>Blocked without evidence</strong> "This assistant is human-like on workflow judgment."</div>
-    <div class="card"><strong>Accepted after proof</strong> "The model matched human annotators on this narrow benchmark, with criteria and evaluator recorded."</div>
-  </div>
-
-  <h2>The rule shape</h2>
-  <p>The gate does not ban research or careful measurement. It blocks vague cognitive language until a proof action is recorded.</p>
-  <pre><code>track_action("anthropomorphic_claim_verified", {
-  criteria: "attribute under test",
-  interface: "where and how the model was evaluated",
-  evaluator: "script, benchmark, reviewer, or study",
-  evidence: "report, paper, trace, or benchmark output"
-})</code></pre>
-
-  <h2>Why buyers care</h2>
-  <p>Unsupported human-like claims create audit risk. They make it easy for a team to over-trust a chatbot, agent, or orchestration layer and then explain a bad outcome with vibes instead of evidence.</p>
-  <p>For regulated, enterprise, and customer-facing workflows, this is a governance gap. ThumbGate turns the gap into a small deterministic check before the next claim is accepted.</p>
-
-  <h2>Where this fits</h2>
-  <p>Enterprise AI gateways can govern models, traffic, credentials, spend, and observability. ThumbGate handles the local pre-action surface: the moment an agent tries to claim something, execute a tool, publish a result, or tell the operator the work is safe.</p>
-  <p><a class="cta" href="/guide">Install ThumbGate locally</a></p>
-</main>
-</body>
-</html>

package/public/learn/background-agent-control-layer.html

@@ -1,184 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Background Agents Need a Control Layer Outside the Model - ThumbGate</title>
-<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
-<meta name="description" content="Engineering teams are shipping background agents, but the operating system around them is the real bottleneck. Learn where ThumbGate fits: pre-action controls, evidence, and local enforcement outside the model context.">
-<meta name="keywords" content="background agents, AI SDLC, agent control layer, pre-action checks, agent governance, agent operating system, AI software engineering agents, ThumbGate">
-<meta property="og:title" content="Background Agents Need a Control Layer Outside the Model">
-<meta property="og:description" content="Agents can produce work. Production teams still need triggers, isolated runs, context, visibility, and controls. ThumbGate owns the controls and evidence layer.">
-<meta property="og:type" content="article">
-<meta property="og:url" content="https://thumbgate.ai/learn/background-agent-control-layer">
-<link rel="canonical" href="https://thumbgate.ai/learn/background-agent-control-layer">
-<link rel="stylesheet" href="/learn/learn.css">
-<script type="application/ld+json">
-{
-  "@context": "https://schema.org",
-  "@type": "TechArticle",
-  "headline": "Background Agents Need a Control Layer Outside the Model",
-  "description": "A practical map of the control and evidence layer teams need around background AI software engineering agents.",
-  "author": {
-    "@type": "Person",
-    "name": "Igor Ganapolsky",
-    "url": "https://github.com/IgorGanapolsky"
-  },
-  "publisher": {
-    "@type": "Organization",
-    "name": "ThumbGate",
-    "url": "https://thumbgate.ai"
-  },
-  "datePublished": "2026-05-25",
-  "dateModified": "2026-05-25",
-  "mainEntityOfPage": "https://thumbgate.ai/learn/background-agent-control-layer",
-  "about": [
-    { "@type": "Thing", "name": "background agents" },
-    { "@type": "Thing", "name": "AI SDLC" },
-    { "@type": "Thing", "name": "pre-action checks" },
-    { "@type": "Thing", "name": "agent governance" }
-  ]
-}
-</script>
-<style>
-  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
-  th, td { text-align: left; padding: 0.7rem 0.8rem; border-bottom: 1px solid var(--border); vertical-align: top; font-size: 0.92rem; }
-  th { color: var(--cyan); font-weight: 700; }
-  .layer strong { color: var(--green); }
-  .mini-grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 1rem; margin: 1.25rem 0; }
-  .mini-card { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; }
-  .mini-card h3 { margin-top: 0; color: var(--text); }
-  .mini-card p { color: var(--muted); }
-  @media (max-width: 700px) { .mini-grid { grid-template-columns: 1fr; } }
-</style>
-</head>
-<body>
-<nav>
-  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
-  <a href="/guide">Setup Guide</a>
-  <a href="/learn">Learn</a>
-  <a href="/dashboard">Dashboard</a>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
-</nav>
-
-<div class="container">
-  <div class="breadcrumb"><a href="/learn">Learn</a> / Background Agent Control Layer</div>
-  <h1>Background agents need a control layer outside the model.</h1>
-  <p style="color:var(--muted);">5 min read &middot; For engineering leaders moving from individual AI coding to team-scale background agents</p>
-
-  <div class="tldr"><strong>TL;DR:</strong> The hard part is no longer proving an agent can open a pull request. The hard part is the system around it: what starts the work, where it runs, what context it gets, what evidence it leaves, and which controls run outside the model context.</div>
-
-  <h2>The buyer problem changed</h2>
-  <p>Most AI coding rollouts begin with individual acceleration. A developer uses Claude Code, Cursor, Codex, Gemini, or a background agent and gets faster at producing diffs. Then the team hits the next bottleneck: review queues, CI pressure, release routing, credential scope, and unclear accountability.</p>
-  <p>That is the moment agent adoption stops being a prompt-engineering problem and becomes an operating-system problem. The question shifts from "can the agent write code?" to "can the organization safely receive, constrain, inspect, and improve the work?"</p>
-
-  <div class="callout">
-    <strong>ThumbGate's position:</strong> memory and context help the agent know more. A control layer decides what the agent is allowed to do next, records why, and turns repeated failures into enforceable rules.
-  </div>
-
-  <h2>The five layers around a production agent</h2>
-  <p>For teams running agents beyond the IDE, the system usually decomposes into five layers. ThumbGate does not need to replace all five. It wins by being the enforcement and evidence layer that composes with the rest.</p>
-
-  <table>
-    <thead>
-      <tr>
-        <th>Layer</th>
-        <th>Buyer question</th>
-        <th>ThumbGate role</th>
-      </tr>
-    </thead>
-    <tbody>
-      <tr class="layer">
-        <td><strong>Triggers</strong></td>
-        <td>What starts the work: ticket, PR, incident, CVE, scheduled migration, or human request?</td>
-        <td>Attach a contract: repo scope, allowed tools, done criteria, review threshold, and blocked-action policy.</td>
-      </tr>
-      <tr class="layer">
-        <td><strong>Isolated runs</strong></td>
-        <td>Where does the agent execute, and which credentials, repos, network paths, and files can it touch?</td>
-        <td>Run pre-action checks in the execution boundary before privileged tools fire.</td>
-      </tr>
-      <tr class="layer">
-        <td><strong>Context</strong></td>
-        <td>What does the agent need beyond the prompt: ownership, CI logs, docs, conventions, and prior failures?</td>
-        <td>Promote feedback and failures into local lessons, then compile trusted lessons into rules.</td>
-      </tr>
-      <tr class="layer">
-        <td><strong>Visibility</strong></td>
-        <td>What evidence can reviewers inspect: logs, diffs, tests, blocked actions, overrides, and decisions?</td>
-        <td>Emit structured evidence for allow, warn, block, override, and handoff decisions.</td>
-      </tr>
-      <tr class="layer">
-        <td><strong>Controls</strong></td>
-        <td>Which governance rules live outside the model so the agent cannot reason around them?</td>
-        <td>Enforce PreToolUse gates, policy bundles, local allowlists, and repeated-failure prevention rules.</td>
-      </tr>
-    </tbody>
-  </table>
-
-  <h2>Why controls outside context matter</h2>
-  <p>A prompt rule is useful until the model forgets it, compresses it away, misunderstands it, or decides a new situation is an exception. A pre-action control does not depend on the model remembering the rule. It sees the proposed tool call and returns allow, warn, block, or review.</p>
-  <p>That is a different category of safety. It is not a bigger memory. It is a runtime boundary.</p>
-
-  <div class="mini-grid">
-    <div class="mini-card">
-      <h3>Memory answers what happened</h3>
-      <p>It stores prior runs, feedback, conventions, and task context so the agent stops starting from zero.</p>
-    </div>
-    <div class="mini-card">
-      <h3>Controls answer whether this may run</h3>
-      <p>They block known-bad actions before execution and preserve proof that the decision happened.</p>
-    </div>
-  </div>
-
-  <h2>The high-ROI starting workflows</h2>
-  <p>Start with work that already has clear, verifiable criteria. That gives the control layer a concrete success standard instead of a vague promise.</p>
-  <ul>
-    <li><strong>CVE remediation:</strong> trigger from advisory, limit repo scope, run tests, block unsafe dependency changes, create PR evidence.</li>
-    <li><strong>CI/CD migrations:</strong> enforce branch, environment, and secret boundaries before the agent edits pipelines.</li>
-    <li><strong>Test generation:</strong> require failing-before/passing-after proof before marking a run complete.</li>
-    <li><strong>Documentation updates:</strong> block edits that cite unsupported claims, stale endpoints, or missing proof links.</li>
-    <li><strong>Legal or regulated intake:</strong> block advice-shaped responses, confidential egress, and unapproved model calls before they happen.</li>
-  </ul>
-
-  <h2>How ThumbGate fits next to background-agent platforms</h2>
-  <p>Background-agent platforms provide orchestration, environments, and fleet execution. ThumbGate should not pretend to replace that stack. It should attach as the local enforcement and proof layer across agents, models, repos, and workflows.</p>
-  <p>The integration shape is simple: when an agent proposes an action, ThumbGate evaluates the action against local rules and prior failures. If the action is safe, it proceeds and logs evidence. If the action matches a known-bad pattern, it blocks or routes to review before the tool runs.</p>
-
-  <div class="callout callout-green">
-    <strong>Sales line:</strong> If your team already has agents, ThumbGate helps you ship the system around them: pre-action controls, reviewable evidence, and local rules that survive model churn.
-  </div>
-
-  <h2>What to show in a buyer demo</h2>
-  <ol>
-    <li>One trigger with a clear contract: repo, task, allowed tools, and done criteria.</li>
-    <li>One proposed risky action stopped before execution.</li>
-    <li>One safe action allowed with evidence attached.</li>
-    <li>One failure converted into a reusable rule.</li>
-    <li>One export that a reviewer, security lead, or risk officer can inspect later.</li>
-  </ol>
-
-  <div class="cta-box">
-    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Add the control layer before agents scale</h2>
-    <p>Install local pre-action gates, then decide which workflows deserve hosted evidence, team rules, and audit exports.</p>
-    <div class="cta-install">$ npx thumbgate init</div>
-  </div>
-
-  <div class="related">
-    <h3>Related articles</h3>
-    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
-    <a href="/learn/ai-agent-persistent-memory">AI Agent Persistent Memory &rarr;</a>
-    <a href="/learn/regulated-agent-execution-boundary">Regulated Agent Execution Boundary &rarr;</a>
-    <a href="/learn/ac-dc-runtime-enforcement">AC/DC Runtime Enforcement &rarr;</a>
-    <a href="/learn/feedback-loop-vs-decision-layer">The Feedback Loop vs the Decision Layer &rarr;</a>
-    <a href="/ai-malpractice-prevention">Pre-Execution Controls for Legal AI Agents &rarr;</a>
-  </div>
-</div>
-
-<div class="sticky-cta">
-  <span style="color:var(--muted)">Try it now:</span>
-  <code>npx thumbgate init</code>
-  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
-</div>
-</body>
-</html>