thumbgate 1.27.7 → 1.27.9

package/public/learn/ai-agent-persistent-memory.html

@@ -0,0 +1,211 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>How to Give Your AI Coding Agent Persistent Memory Across Sessions — ThumbGate</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="AI coding agents forget everything when a session ends. Learn how to give Claude Code, Cursor, Codex, and Gemini persistent memory using an MCP memory server that survives restarts.">
+<meta name="keywords" content="ai agent memory, persistent memory, claude code memory, cursor agent memory, MCP memory server, session persistence, agent context, episodic memory, semantic memory">
+<meta property="og:title" content="How to Give Your AI Coding Agent Persistent Memory Across Sessions">
+<meta property="og:description" content="Context windows are ephemeral. Real memory persists. Here is how to build durable memory for any MCP-compatible AI coding agent.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/ai-agent-persistent-memory">
+<link rel="canonical" href="https://thumbgate.ai/learn/ai-agent-persistent-memory">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "How to Give Your AI Coding Agent Persistent Memory Across Sessions",
+  "description": "AI coding agents forget everything when a session ends. Learn how to give Claude Code, Cursor, Codex, and Gemini persistent memory using an MCP memory server that survives restarts.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "datePublished": "2026-04-02",
+  "dateModified": "2026-04-02",
+  "mainEntityOfPage": "https://thumbgate.ai/learn/ai-agent-persistent-memory",
+  "about": [
+    {"@type": "Thing", "name": "ai agent memory"},
+    {"@type": "Thing", "name": "persistent memory"},
+    {"@type": "Thing", "name": "MCP memory server"},
+    {"@type": "Thing", "name": "session persistence"}
+  ]
+}
+</script>
+
+<link rel="stylesheet" href="/learn/learn.css">
+<style>
+  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
+  th, td { text-align: left; padding: 0.6rem 0.8rem; border-bottom: 1px solid var(--border); font-size: 0.9rem; }
+  th { color: var(--cyan); font-weight: 600; }
+  .memory-row td:first-child { color: var(--green); font-weight: 500; }
+</style>
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / AI Agent Persistent Memory</div>
+  <h1>How to Give Your AI Coding Agent Persistent Memory Across Sessions</h1>
+  <p style="color:var(--muted);">6 min read &middot; For developers using Claude Code, Cursor, Codex, or Gemini who are tired of re-explaining context every session</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> Your AI agent forgets everything between sessions. Give it a SQLite+FTS5 memory that stores lessons, retrieves relevant context, and blocks known-bad actions automatically.</div>
+
+  <h2>The problem: agents forget everything when you close the tab</h2>
+  <p>You spend twenty minutes explaining your codebase to your AI coding agent. You tell it about the monorepo structure, the deployment conventions, the one branch it must never force-push to. The session ends. You come back tomorrow and it has no memory of any of it.</p>
+  <p>You are not doing anything wrong. This is how context windows work. Every session starts with a blank slate. The agent has no continuity of experience — no record of past mistakes, no accumulated knowledge of your project, no recollection of the rules you established last week.</p>
+  <p>The frustration is real and widespread. Developers using Claude Code, Cursor, Codex, and Gemini all hit the same wall. The agents are capable — they just cannot remember.</p>
+
+  <div class="callout">
+    <strong>The distinction that matters:</strong> A context window holds information for one session. Memory holds information across sessions. Most agents have the former. Almost none have the latter by default.
+  </div>
+
+  <h2>Why context windows are not memory</h2>
+  <p>Context windows are large and getting larger. That solves a different problem. A big context window means the agent can reason over more information at once within a single session. It does not mean that information survives when the session ends.</p>
+  <p>Think of the difference this way: a context window is RAM — fast, capacious, gone when the power cuts. Memory is disk — slower to query, but persistent. You need both. Right now, AI coding agents only ship with RAM.</p>
+  <p>The consequences compound over time. An agent with no persistent memory will:</p>
+  <ul>
+    <li>Repeat mistakes it made last week because it has no record of them</li>
+    <li>Re-ask you for project conventions it has already learned once</li>
+    <li>Ignore prevention rules you painstakingly wrote into a prompt — because that prompt is gone</li>
+    <li>Treat every session as if it is the first day on the job</li>
+  </ul>
+  <p>Stuffing facts into a <code>CLAUDE.md</code> file helps, but it is a manual workaround. You are the memory. You remember what to put in the file. You update it when things change. That is not a solution — it is delegation of a machine problem back to a human.</p>
+
+  <div class="callout callout-red">
+    <strong>The hidden cost:</strong> Re-explaining context is not just annoying. Every token you spend re-establishing what the agent already knew is a token not spent on the actual task. And re-explained rules are still just prompt rules — the agent can reason around them.
+  </div>
+
+  <h2>Three types of agent memory</h2>
+  <p>Cognitive science distinguishes several memory types. The same taxonomy maps cleanly onto what AI coding agents need. Here is how each type works and what it looks like in practice:</p>
+
+  <table>
+    <thead>
+      <tr>
+        <th>Memory Type</th>
+        <th>What It Stores</th>
+        <th>Concrete Example</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr class="memory-row">
+        <td>Episodic</td>
+        <td>Records of specific past events — what happened, when, and what the outcome was</td>
+        <td>The agent tried to force-push to main. You gave thumbs-down. That event is stored with context, timestamp, and failure description.</td>
+      </tr>
+      <tr class="memory-row">
+        <td>Semantic</td>
+        <td>Generalised knowledge extracted from episodes — rules, patterns, facts about the world</td>
+        <td>From multiple thumbs-down events, the system derives: "force-pushing to main causes broken deploys in this repo." That becomes a prevention rule.</td>
+      </tr>
+      <tr class="memory-row">
+        <td>Procedural</td>
+        <td>Encoded behaviours — checks that fire before actions without requiring the agent to reason about them</td>
+        <td>A PreToolUse hook that checks every <code>git push</code> command against the prevention rule and blocks the dangerous pattern automatically.</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <p>Most "persistent memory" proposals for AI agents stop at episodic: they store a log of past conversations. That is useful, but insufficient. The signal gets diluted in a sea of raw events. What agents need is the full pipeline: episodes promote to semantic rules, semantic rules compile into procedural checks.</p>
+
+  <h2>How ThumbGate implements persistent memory</h2>
+  <p>ThumbGate is built around this three-tier memory architecture. Here is each layer in concrete terms.</p>
+
+  <h3>Episodic layer: the feedback log</h3>
+  <p>Every thumbs-up or thumbs-down you give an agent action is written to a structured feedback log. Each entry captures the tool call that was made, the context at the time, what worked or went wrong, and any tags you add. The log is append-only and survives across sessions.</p>
+  <p>In the current Claude auto-capture hook, a vague thumbs-down can borrow up to 8 prior recorded entries plus the failed tool call before promotion. Accepted feedback also opens a linked 60-second follow-up session so later corrections stay attached to the same memory trace instead of fragmenting into duplicates.</p>
+
+  <pre><code># Thumbs-down: record a specific failure
+node .claude/scripts/feedback/capture-feedback.js \
+  --feedback=down \
+  --context="deploying to production" \
+  --what-went-wrong="agent ran db migration without backup" \
+  --what-to-change="always checkpoint before schema changes" \
+  --tags="database,migrations,safety"</code></pre>
+
+  <p>You do not need to write this manually for every interaction. The MCP server captures tool calls automatically. Manual feedback is for adding nuance that the agent could not observe on its own.</p>
+
+  <h3>Semantic layer: the lesson database</h3>
+  <p>Raw feedback events are processed into a SQLite database with full-text search (FTS5). This is not a flat file — it is a queryable knowledge store. When a new session starts, the system retrieves lessons relevant to the current task by similarity, not by recency.</p>
+  <p>The FTS5 index means retrieval is fast even as the database grows. You are not loading the entire history into context. You are loading the lessons most likely to matter right now. That is the difference between a knowledge base and a memory dump.</p>
+
+  <h3>Procedural layer: prevention rules and checks</h3>
+  <p>Promoted lessons generate prevention rules in <code>prevention-rules.md</code>. Rules are not prompt instructions — they are checked by a PreToolUse hook that fires before every tool call. The agent cannot reason around a check. The check runs outside the agent's context.</p>
+
+  <div class="callout callout-green">
+    <strong>The promotion pipeline:</strong> Thumbs-down event &rarr; feedback log entry &rarr; lesson promoted to SQLite &rarr; prevention rule generated &rarr; PreToolUse check active for every future session, with no additional setup.
+  </div>
+
+  <h2>Thompson Sampling for memory-informed decisions</h2>
+  <p>Not every prevention rule has the same confidence level. A rule derived from one thumbs-down event is weaker than a rule reinforced by a dozen. ThumbGate uses Thompson Sampling — a multi-armed bandit algorithm — to handle this uncertainty.</p>
+  <p>For each check, the system maintains a Beta distribution over outcomes. As thumbs-up and thumbs-down feedback accumulates, the distribution tightens. A check with high confidence becomes a hard block. A check still gathering signal issues a warning and lets the agent reconsider.</p>
+  <p>This matters for memory because it means the system learns your preferences rather than requiring you to manually tune thresholds. You give feedback. The check calibrates. The agent adapts.</p>
+  <p>Thompson Sampling also prevents over-blocking. If a pattern that was once dangerous stops being a problem — because the codebase changed, or you updated your workflow — thumbs-up feedback on future calls will widen the distribution back toward allowing. Memory is not one-way.</p>
+
+  <h2>Setup: persistent memory in two minutes</h2>
+  <p>ThumbGate ships as an MCP server. Any agent that speaks MCP — Claude Code, Cursor, Codex, Gemini, Amp, OpenCode — can connect to it. You initialize once and the memory layer is active for every subsequent session.</p>
+
+  <pre><code>npx thumbgate init</code></pre>
+
+  <p>That command sets up:</p>
+  <ul>
+    <li>The SQLite+FTS5 lesson database in <code>.claude/memory/</code></li>
+    <li>The feedback log at <code>.claude/memory/feedback/feedback-log.jsonl</code></li>
+    <li>Prevention rules at <code>.claude/memory/feedback/prevention-rules.md</code></li>
+    <li>A PreToolUse hook that reads checks on every tool call</li>
+    <li>The MCP server adapter for your agent runtime</li>
+  </ul>
+
+  <p>After init, your agent starts each session with context assembled from relevant past lessons. It does not start blank. It starts informed.</p>
+
+  <h3>What memory looks like on day one vs. day thirty</h3>
+  <p>On day one, the database is empty. The agent behaves the same as it always has. You give feedback on its actions.</p>
+  <p>By day thirty, the database has accumulated dozens of lessons. The agent's context at session start includes the most relevant ones. Prevention rules have tightened around patterns that caused problems. Patterns that worked have been reinforced. The agent makes fewer mistakes — not because it was retrained, but because the checks learned from your feedback.</p>
+  <p>That is persistent memory in practice: not a bigger context window, not a longer system prompt, but a feedback loop that accumulates signal and converts it into durable enforcement.</p>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Give your agent memory that survives restarts</h2>
+    <p>One command. Works with Claude Code, Cursor, Codex, Gemini, Amp, and any MCP-compatible agent.</p>
+    <div class="cta-install">$ npx thumbgate init</div>
+    <div class="cta-actions" aria-label="Paid ThumbGate options">
+      <a class="cta-link" href="/checkout/pro?utm_source=learn&amp;utm_medium=persistent_memory_article&amp;utm_campaign=memory_to_pro&amp;cta_id=learn_persistent_memory_pro&amp;cta_placement=article_cta&amp;plan_id=pro&amp;billing_cycle=monthly">Get Pro — $19/mo or $149/yr</a>
+      <a class="cta-link cta-link-secondary" rel="nofollow noopener noreferrer" target="_blank" href="https://buy.stripe.com/00w14neyUcXA5pL5e33sI0e">Pay $499 diagnostic</a>
+      <a class="cta-link cta-link-secondary" href="/#workflow-sprint-intake">Send workflow first</a>
+    </div>
+    <p style="font-size:0.85rem;margin-top:0.9rem;">Free is enough for a solo proof. Pro adds dashboard, recall, lesson search, unlimited captures/rules, and DPO export. Use the diagnostic when a team needs a workflow review before rollout.</p>
+  </div>
+
+  <div class="related">
+    <h3>Related articles</h3>
+    <a href="/learn/agent-harness-pattern">The Agent Harness Pattern: Why Your AI Needs a Seatbelt &rarr;</a>
+    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
+    <a href="/learn/stop-ai-agent-force-push">How to Stop AI Agents From Force-Pushing to Main &rarr;</a>
+    <a href="/learn/vibe-coding-safety-net">The Vibe Coding Safety Net You Are Missing &rarr;</a>
+  </div>
+</div>
+
+
+  <div class="sticky-cta">
+    <span style="color:var(--muted)">Try it now:</span>
+    <code>npx thumbgate init</code>
+    <a href="/checkout/pro?utm_source=learn&amp;utm_medium=sticky&amp;utm_campaign=memory_to_pro&amp;cta_id=learn_persistent_memory_sticky_pro&amp;cta_placement=sticky&amp;plan_id=pro&amp;billing_cycle=monthly">Pro &rarr;</a>
+    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+  </div>
+<script src="/js/buyer-intent.js"></script>
+</body>
+</html>

package/public/learn/background-agent-control-layer.html

@@ -0,0 +1,184 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Background Agents Need a Control Layer Outside the Model - ThumbGate</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="Engineering teams are shipping background agents, but the operating system around them is the real bottleneck. Learn where ThumbGate fits: pre-action controls, evidence, and local enforcement outside the model context.">
+<meta name="keywords" content="background agents, AI SDLC, agent control layer, pre-action checks, agent governance, agent operating system, AI software engineering agents, ThumbGate">
+<meta property="og:title" content="Background Agents Need a Control Layer Outside the Model">
+<meta property="og:description" content="Agents can produce work. Production teams still need triggers, isolated runs, context, visibility, and controls. ThumbGate owns the controls and evidence layer.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/background-agent-control-layer">
+<link rel="canonical" href="https://thumbgate.ai/learn/background-agent-control-layer">
+<link rel="stylesheet" href="/learn/learn.css">
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Background Agents Need a Control Layer Outside the Model",
+  "description": "A practical map of the control and evidence layer teams need around background AI software engineering agents.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "datePublished": "2026-05-25",
+  "dateModified": "2026-05-25",
+  "mainEntityOfPage": "https://thumbgate.ai/learn/background-agent-control-layer",
+  "about": [
+    { "@type": "Thing", "name": "background agents" },
+    { "@type": "Thing", "name": "AI SDLC" },
+    { "@type": "Thing", "name": "pre-action checks" },
+    { "@type": "Thing", "name": "agent governance" }
+  ]
+}
+</script>
+<style>
+  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
+  th, td { text-align: left; padding: 0.7rem 0.8rem; border-bottom: 1px solid var(--border); vertical-align: top; font-size: 0.92rem; }
+  th { color: var(--cyan); font-weight: 700; }
+  .layer strong { color: var(--green); }
+  .mini-grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 1rem; margin: 1.25rem 0; }
+  .mini-card { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; }
+  .mini-card h3 { margin-top: 0; color: var(--text); }
+  .mini-card p { color: var(--muted); }
+  @media (max-width: 700px) { .mini-grid { grid-template-columns: 1fr; } }
+</style>
+</head>
+<body>
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / Background Agent Control Layer</div>
+  <h1>Background agents need a control layer outside the model.</h1>
+  <p style="color:var(--muted);">5 min read &middot; For engineering leaders moving from individual AI coding to team-scale background agents</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> The hard part is no longer proving an agent can open a pull request. The hard part is the system around it: what starts the work, where it runs, what context it gets, what evidence it leaves, and which controls run outside the model context.</div>
+
+  <h2>The buyer problem changed</h2>
+  <p>Most AI coding rollouts begin with individual acceleration. A developer uses Claude Code, Cursor, Codex, Gemini, or a background agent and gets faster at producing diffs. Then the team hits the next bottleneck: review queues, CI pressure, release routing, credential scope, and unclear accountability.</p>
+  <p>That is the moment agent adoption stops being a prompt-engineering problem and becomes an operating-system problem. The question shifts from "can the agent write code?" to "can the organization safely receive, constrain, inspect, and improve the work?"</p>
+
+  <div class="callout">
+    <strong>ThumbGate's position:</strong> memory and context help the agent know more. A control layer decides what the agent is allowed to do next, records why, and turns repeated failures into enforceable rules.
+  </div>
+
+  <h2>The five layers around a production agent</h2>
+  <p>For teams running agents beyond the IDE, the system usually decomposes into five layers. ThumbGate does not need to replace all five. It wins by being the enforcement and evidence layer that composes with the rest.</p>
+
+  <table>
+    <thead>
+      <tr>
+        <th>Layer</th>
+        <th>Buyer question</th>
+        <th>ThumbGate role</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr class="layer">
+        <td><strong>Triggers</strong></td>
+        <td>What starts the work: ticket, PR, incident, CVE, scheduled migration, or human request?</td>
+        <td>Attach a contract: repo scope, allowed tools, done criteria, review threshold, and blocked-action policy.</td>
+      </tr>
+      <tr class="layer">
+        <td><strong>Isolated runs</strong></td>
+        <td>Where does the agent execute, and which credentials, repos, network paths, and files can it touch?</td>
+        <td>Run pre-action checks in the execution boundary before privileged tools fire.</td>
+      </tr>
+      <tr class="layer">
+        <td><strong>Context</strong></td>
+        <td>What does the agent need beyond the prompt: ownership, CI logs, docs, conventions, and prior failures?</td>
+        <td>Promote feedback and failures into local lessons, then compile trusted lessons into rules.</td>
+      </tr>
+      <tr class="layer">
+        <td><strong>Visibility</strong></td>
+        <td>What evidence can reviewers inspect: logs, diffs, tests, blocked actions, overrides, and decisions?</td>
+        <td>Emit structured evidence for allow, warn, block, override, and handoff decisions.</td>
+      </tr>
+      <tr class="layer">
+        <td><strong>Controls</strong></td>
+        <td>Which governance rules live outside the model so the agent cannot reason around them?</td>
+        <td>Enforce PreToolUse gates, policy bundles, local allowlists, and repeated-failure prevention rules.</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <h2>Why controls outside context matter</h2>
+  <p>A prompt rule is useful until the model forgets it, compresses it away, misunderstands it, or decides a new situation is an exception. A pre-action control does not depend on the model remembering the rule. It sees the proposed tool call and returns allow, warn, block, or review.</p>
+  <p>That is a different category of safety. It is not a bigger memory. It is a runtime boundary.</p>
+
+  <div class="mini-grid">
+    <div class="mini-card">
+      <h3>Memory answers what happened</h3>
+      <p>It stores prior runs, feedback, conventions, and task context so the agent stops starting from zero.</p>
+    </div>
+    <div class="mini-card">
+      <h3>Controls answer whether this may run</h3>
+      <p>They block known-bad actions before execution and preserve proof that the decision happened.</p>
+    </div>
+  </div>
+
+  <h2>The high-ROI starting workflows</h2>
+  <p>Start with work that already has clear, verifiable criteria. That gives the control layer a concrete success standard instead of a vague promise.</p>
+  <ul>
+    <li><strong>CVE remediation:</strong> trigger from advisory, limit repo scope, run tests, block unsafe dependency changes, create PR evidence.</li>
+    <li><strong>CI/CD migrations:</strong> enforce branch, environment, and secret boundaries before the agent edits pipelines.</li>
+    <li><strong>Test generation:</strong> require failing-before/passing-after proof before marking a run complete.</li>
+    <li><strong>Documentation updates:</strong> block edits that cite unsupported claims, stale endpoints, or missing proof links.</li>
+    <li><strong>Legal or regulated intake:</strong> block advice-shaped responses, confidential egress, and unapproved model calls before they happen.</li>
+  </ul>
+
+  <h2>How ThumbGate fits next to background-agent platforms</h2>
+  <p>Background-agent platforms provide orchestration, environments, and fleet execution. ThumbGate should not pretend to replace that stack. It should attach as the local enforcement and proof layer across agents, models, repos, and workflows.</p>
+  <p>The integration shape is simple: when an agent proposes an action, ThumbGate evaluates the action against local rules and prior failures. If the action is safe, it proceeds and logs evidence. If the action matches a known-bad pattern, it blocks or routes to review before the tool runs.</p>
+
+  <div class="callout callout-green">
+    <strong>Sales line:</strong> If your team already has agents, ThumbGate helps you ship the system around them: pre-action controls, reviewable evidence, and local rules that survive model churn.
+  </div>
+
+  <h2>What to show in a buyer demo</h2>
+  <ol>
+    <li>One trigger with a clear contract: repo, task, allowed tools, and done criteria.</li>
+    <li>One proposed risky action stopped before execution.</li>
+    <li>One safe action allowed with evidence attached.</li>
+    <li>One failure converted into a reusable rule.</li>
+    <li>One export that a reviewer, security lead, or risk officer can inspect later.</li>
+  </ol>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Add the control layer before agents scale</h2>
+    <p>Install local pre-action gates, then decide which workflows deserve hosted evidence, team rules, and audit exports.</p>
+    <div class="cta-install">$ npx thumbgate init</div>
+  </div>
+
+  <div class="related">
+    <h3>Related articles</h3>
+    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
+    <a href="/learn/ai-agent-persistent-memory">AI Agent Persistent Memory &rarr;</a>
+    <a href="/learn/regulated-agent-execution-boundary">Regulated Agent Execution Boundary &rarr;</a>
+    <a href="/learn/ac-dc-runtime-enforcement">AC/DC Runtime Enforcement &rarr;</a>
+    <a href="/learn/feedback-loop-vs-decision-layer">The Feedback Loop vs the Decision Layer &rarr;</a>
+    <a href="/ai-malpractice-prevention">Pre-Execution Controls for Legal AI Agents &rarr;</a>
+  </div>
+</div>
+
+<div class="sticky-cta">
+  <span style="color:var(--muted)">Try it now:</span>
+  <code>npx thumbgate init</code>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+</div>
+</body>
+</html>

package/public/learn/claude-code-goal-with-rubrics.html

@@ -0,0 +1,205 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Claude Code /goal vs Todo: The 4-Field Pattern That Actually Holds — ThumbGate</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="Treating /goal like a todo wastes Claude Code. The pattern that holds: clear goal, measurable success, shown proof, hard limits. Maps directly to ThumbGate's rubric-engine for enforced verification.">
+<meta name="keywords" content="claude code /goal, claude code goal command, agent goal pattern, measurable success criteria, rubric engine, AI agent verification, ThumbGate rubric">
+<meta property="og:title" content="Claude Code /goal vs Todo: The 4-Field Pattern That Actually Holds">
+<meta property="og:description" content="The /goal command becomes ten times more useful when you treat it as a verifiable contract, not a todo. Here is the 4-field pattern and how to enforce it.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/claude-code-goal-with-rubrics">
+<link rel="canonical" href="https://thumbgate.ai/learn/claude-code-goal-with-rubrics">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Claude Code /goal vs Todo: The 4-Field Pattern That Actually Holds",
+  "description": "Treating /goal like a todo wastes Claude Code. The pattern that holds: clear goal, measurable success, shown proof, hard limits — enforced by ThumbGate rubrics.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "datePublished": "2026-05-18",
+  "dateModified": "2026-05-18",
+  "mainEntityOfPage": "https://thumbgate.ai/learn/claude-code-goal-with-rubrics",
+  "about": [
+    {"@type": "Thing", "name": "Claude Code /goal command"},
+    {"@type": "Thing", "name": "AI agent rubric"},
+    {"@type": "Thing", "name": "verifiable AI agent outcomes"}
+  ]
+}
+</script>
+
+<link rel="stylesheet" href="/learn/learn.css">
+<style>
+  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
+  th, td { text-align: left; padding: 0.6rem 0.8rem; border-bottom: 1px solid var(--border); font-size: 0.9rem; vertical-align: top; }
+  th { color: var(--cyan); font-weight: 600; }
+  .mapping-row td:first-child { color: var(--green); font-weight: 500; }
+  pre.example { background: var(--bg-raised); padding: 14px 16px; border-radius: 8px; font-size: 13px; border-left: 3px solid var(--cyan); margin: 12px 0; overflow-x: auto; }
+</style>
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / Claude Code /goal With Rubrics</div>
+  <h1>Claude Code /goal vs Todo: The 4-Field Pattern That Actually Holds</h1>
+  <p style="color:var(--muted);">6 min read &middot; For developers using Claude Code's /goal command in production</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> Treating <code>/goal</code> like a todo wastes the command. The pattern that holds: <strong>clear goal, measurable success, shown proof, hard limits.</strong> That's a 4-field rubric — the same shape ThumbGate's rubric-engine enforces at gate-fire time. Pair them and the agent cannot fake completion.</div>
+
+  <h2>The todo-shaped /goal anti-pattern</h2>
+  <p>A common usage of Claude Code's <code>/goal</code> command looks like this:</p>
+
+  <pre class="example">/goal fix the auth bug</pre>
+
+  <p>This is a todo, not a goal. There is no way for the agent or you to know when the work is actually done. The agent will declare success after the first plausible-looking change, you will discover it was wrong an hour later, and the same conversation will re-enter the loop.</p>
+
+  <div class="callout">
+    <strong>The verifiable-contract reframe:</strong> A goal is not a wish. It is a contract with a clear outcome, a measurable success criterion, an inspectable proof, and a stop condition. Anything short of all four is a todo.
+  </div>
+
+  <h2>The 4-field pattern</h2>
+  <p>Each field maps to a specific failure mode the agent commits when the field is missing:</p>
+
+  <table>
+    <thead>
+      <tr>
+        <th>Field</th>
+        <th>What it answers</th>
+        <th>Failure mode if missing</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr class="mapping-row">
+        <td>1. Clear goal</td>
+        <td>What is the outcome, in one sentence, that someone outside the project would understand?</td>
+        <td>Scope creep. Agent expands the task to whatever it can find.</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>2. Measurable success</td>
+        <td>What single check, run after the work, returns 0 / pass / a specific number?</td>
+        <td>"Looks done." Agent declares completion on optimistic intermediate signals.</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>3. Shown proof</td>
+        <td>What output, file, or screenshot will be in the final message proving the check ran?</td>
+        <td>Hallucinated completion. Agent reports a green test that was never executed.</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>4. Hard limits</td>
+        <td>What is the deadline, retry cap, or scope cliff that stops the work even if not yet "done"?</td>
+        <td>Infinite spin. Agent keeps trying variants past any reasonable budget.</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <h2>Concrete /goal phrasing</h2>
+  <p>Same task, todo-shape vs goal-shape:</p>
+
+  <pre class="example"><strong>Todo shape (anti-pattern):</strong>
+/goal fix the auth bug
+
+<strong>Goal shape:</strong>
+/goal fix the auth bug
+  success: npm test --testPathPattern=auth returns exit 0 with 12 passing
+  proof: paste the final 'PASS auth' line of the test output
+  limit: stop after 3 implementation attempts; if still failing, file a /thumbsdown</pre>
+
+  <p>The agent now has a contract it cannot fake. The success criterion is mechanical (exit code + count). The proof is inspectable (a literal line of output). The limit is a stop condition that triggers a feedback capture instead of a fifth wasted attempt.</p>
+
+  <h2>Where ThumbGate plugs in</h2>
+  <p>The 4-field pattern is exactly the shape of a rubric. ThumbGate's <code>scripts/rubric-engine.js</code> evaluates each completed agent task against a 4-field rubric:</p>
+
+  <table>
+    <thead>
+      <tr>
+        <th>Claude Code /goal field</th>
+        <th>ThumbGate rubric field</th>
+        <th>What ThumbGate does</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr class="mapping-row">
+        <td>Clear goal</td>
+        <td><code>rubric.goal</code></td>
+        <td>Stored as the canonical task description in the feedback log</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>Measurable success</td>
+        <td><code>rubric.verification.check</code></td>
+        <td>The check is run before the agent's "done" claim is promoted to memory</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>Shown proof</td>
+        <td><code>rubric.verification.evidence</code></td>
+        <td>Captured into the lesson DB; missing proof = no promotion</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>Hard limits</td>
+        <td><code>rubric.budget</code></td>
+        <td>Tied to budget-guard.js — when limit hit, ThumbGate forces a thumbs-down capture and surfaces it for review</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <div class="callout callout-green">
+    <strong>Two layers, same shape:</strong> Claude Code's <code>/goal</code> sets the contract at task start. ThumbGate's rubric-engine enforces it at task end. The agent cannot promote a "done" memory unless every rubric field has the proof attached.
+  </div>
+
+  <h2>What this prevents in practice</h2>
+  <p>Three concrete agent failure modes the paired pattern blocks:</p>
+
+  <ul>
+    <li><strong>Test-skipping.</strong> Agent reports "tests pass" but never ran them. Rubric verification.check runs the actual command and refuses the "done" promotion if exit code != 0.</li>
+    <li><strong>Optimistic completion.</strong> Agent declares success on the first plausible change. The proof field requires an inspectable artifact (test output line, screenshot, exit code) that has to exist before promotion.</li>
+    <li><strong>Budget run-away.</strong> Agent retries silently across 8+ attempts. Hard limit triggers a budget-guard block, forces feedback capture, and prevents the same pattern from recurring on the next prompt.</li>
+  </ul>
+
+  <h2>Five minutes to wire it</h2>
+  <p>In your project root:</p>
+
+  <pre><code>npx thumbgate init</code></pre>
+
+  <p>Then, in any conversation, use the goal-shape phrasing above. ThumbGate's rubric-engine runs as part of the PreToolUse hook chain; no extra config required. The first time the agent tries to promote a "done" claim without proof, you'll see the gate fire in your dashboard.</p>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Pair /goal with a rubric the agent cannot fake.</h2>
+    <p>Works with Claude Code, Cursor, Codex, Gemini, Amp, OpenCode, and any MCP-compatible agent.</p>
+    <div class="cta-install">$ npx thumbgate init</div>
+  </div>
+
+  <div class="related">
+    <h3>Related articles</h3>
+    <a href="/learn/agent-harness-pattern">The Agent Harness Pattern: Why Your AI Needs a Seatbelt &rarr;</a>
+    <a href="/learn/agent-swarms-shared-gates">Agent Swarms: One Gate Layer, Every Model &rarr;</a>
+    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
+  </div>
+</div>
+
+
+  <div class="sticky-cta">
+    <span style="color:var(--muted)">Try it now:</span>
+    <code>npx thumbgate init</code>
+    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+  </div>
+</body>
+</html>