thumbgate 1.27.7 → 1.27.9

package/public/learn/codex-role-plugins-need-governance.html

@@ -0,0 +1,125 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Codex Role Plugins Need Pre-Action Governance — ThumbGate</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="Codex plugins, Sites, and annotations move AI work from code into sales, analytics, design, finance, and documents. Teams need pre-action governance before those workflows publish, share, or modify business systems.">
+<meta name="keywords" content="Codex plugins, Codex Sites, Codex annotations, ChatGPT Codex, role-specific AI agents, pre-action governance, Codex plugin governance, ThumbGate">
+<meta property="og:title" content="Codex Role Plugins Need Pre-Action Governance">
+<meta property="og:description" content="As Codex expands beyond coding into role-specific plugins, ThumbGate is the evidence and policy layer before AI work touches business systems.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/codex-role-plugins-need-governance">
+<link rel="canonical" href="https://thumbgate.ai/learn/codex-role-plugins-need-governance">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Codex Role Plugins Need Pre-Action Governance",
+  "description": "Codex plugins, Sites, and annotations move AI work from code into sales, analytics, design, finance, and documents. Teams need pre-action governance before those workflows publish, share, or modify business systems.",
+  "author": { "@type": "Person", "name": "Igor Ganapolsky", "url": "https://github.com/IgorGanapolsky" },
+  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
+  "datePublished": "2026-06-03",
+  "dateModified": "2026-06-03",
+  "mainEntityOfPage": "https://thumbgate.ai/learn/codex-role-plugins-need-governance",
+  "about": [
+    { "@type": "Thing", "name": "Codex plugins" },
+    { "@type": "Thing", "name": "Codex Sites" },
+    { "@type": "Thing", "name": "role-specific AI agents" },
+    { "@type": "Thing", "name": "pre-action governance" }
+  ]
+}
+</script>
+
+<link rel="stylesheet" href="/learn/learn.css">
+<style>
+  .matrix { width: 100%; border-collapse: collapse; margin: 1rem 0 1.5rem; }
+  .matrix th, .matrix td { text-align: left; padding: 0.7rem 0.8rem; border-bottom: 1px solid var(--border); vertical-align: top; }
+  .matrix th { color: var(--cyan); font-weight: 600; }
+</style>
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / Codex Role Plugin Governance</div>
+  <h1>Codex role plugins need a governance layer before they touch business systems.</h1>
+  <p style="color:var(--muted);">6 min read &middot; For teams adopting Codex plugins, Sites, annotations, and non-developer AI workflows</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> Codex is becoming a cross-functional work surface, not only a coding tool. OpenAI's Codex docs describe plugins as installable bundles of skills, app integrations, and MCP servers, plus Sites for hosted apps and dashboards. That makes ThumbGate's job sharper: enforce policy, evidence, and feedback-derived blocks before role-specific agents publish, share, edit, deploy, or write into customer systems.</div>
+
+  <h2>The product shift</h2>
+  <p>Codex plugins package skills, app integrations, and MCP servers into reusable workflows. Sites can turn Codex output into hosted websites, apps, dashboards, and games. Annotations let a user select part of a document, spreadsheet, or slide and ask Codex to work on that selected region.</p>
+  <p>That is powerful because non-developers can now use the same inspect, edit, verify, report loop on business artifacts. It is risky for the same reason: the action surface expands from code to CRM records, revenue dashboards, design assets, finance decks, sales sequences, and hosted internal tools.</p>
+
+  <div class="callout">
+    <strong>ThumbGate's wedge:</strong> The more Codex becomes a role-specific operating layer, the more every team needs a pre-action policy layer outside the prompt.
+  </div>
+
+  <h2>What can go wrong without gates</h2>
+  <ul>
+    <li>A sales plugin drafts or updates outreach from stale positioning after a thumbs-down already rejected that claim.</li>
+    <li>A data plugin publishes a dashboard before the source query, date window, and metric definition are proven.</li>
+    <li>A Sites workflow deploys a public prototype before access mode, secrets, and intended audience are checked.</li>
+    <li>A document annotation updates one selected section while breaking a compliance statement elsewhere in the same deck.</li>
+    <li>A non-developer approves a tool action without knowing it writes to production systems.</li>
+  </ul>
+
+  <h2>The governance map</h2>
+  <table class="matrix">
+    <thead>
+      <tr><th>Codex surface</th><th>Why it matters</th><th>ThumbGate gate</th></tr>
+    </thead>
+    <tbody>
+      <tr><td>Role plugin</td><td>Bundles repeatable work for sales, analytics, design, finance, and operations.</td><td>Require role-specific allowed tools, scopes, and blocked action patterns before execution.</td></tr>
+      <tr><td>App integration</td><td>Lets Codex read or write external systems.</td><td>Route CRM, email, billing, data warehouse, and file-share writes through approval and audit checks.</td></tr>
+      <tr><td>MCP server</td><td>Adds custom tools and shared information.</td><td>Inventory tools, tag high-risk writes, and block unauthorized tool calls before the model invokes them.</td></tr>
+      <tr><td>Sites</td><td>Turns output into shareable hosted apps and dashboards.</td><td>Require build proof, access mode, secret handling, and deployment evidence before publish.</td></tr>
+      <tr><td>Annotations</td><td>Targets exact regions of documents, spreadsheets, and slides.</td><td>Require source-region evidence and prevent partial edits from bypassing whole-document policy.</td></tr>
+    </tbody>
+  </table>
+
+  <h2>High-ROI implementation</h2>
+  <ol>
+    <li><strong>Ship role-specific gate templates:</strong> sales, analytics, design, finance, legal, and customer-support templates with allowed actions and evidence labels.</li>
+    <li><strong>Make plugin install prove itself:</strong> every Codex plugin install path should end with <code>npx thumbgate feedback-self-test</code> and one real gate check.</li>
+    <li><strong>Gate Sites deploys:</strong> block public deploy or access widening until build, audience, and secret-handling proof are attached.</li>
+    <li><strong>Gate annotated edits:</strong> require the selected artifact region, intended edit, and document-level invariant before saving or exporting.</li>
+    <li><strong>Measure the new buyer metric:</strong> role-workflow repeats blocked before execution, split by role and tool surface.</li>
+  </ol>
+
+  <div class="callout callout-green">
+    <strong>Sales wedge:</strong> "Codex plugins make every team faster. ThumbGate makes every team safer before the plugin writes, shares, deploys, or publishes."
+  </div>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Add gates to one role workflow</h2>
+    <p>Start with the role, the write surface, and the evidence required before that role's agent can claim success.</p>
+    <div class="cta-install">$ npx thumbgate init --agent codex</div>
+  </div>
+
+  <div class="related">
+    <h3>Related articles</h3>
+    <a href="/codex-plugin">ThumbGate for Codex &rarr;</a>
+    <a href="/learn/deterministic-agent-workflows">Deterministic Agent Workflows Need Runtime Gates &rarr;</a>
+    <a href="/learn/agentic-os-team-governance">Agentic OS Team Governance &rarr;</a>
+    <a href="/learn/background-agent-control-layer">Background Agents Need a Control Layer &rarr;</a>
+  </div>
+</div>
+
+<div class="sticky-cta">
+  <span style="color:var(--muted)">Try it now:</span>
+  <code>npx thumbgate init --agent codex</code>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+</div>
+</body>
+</html>

package/public/learn/cost-aware-agent-gate-routing.html

@@ -0,0 +1,173 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Cost-Aware Agent Gate Routing — ThumbGate</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="How ThumbGate routes agent checks through deterministic rules, semantic cache, local classifiers, LLM judges, and human review so teams avoid unnecessary latency, tokens, and provider calls.">
+<meta name="keywords" content="AI agent gate routing, LLM classifier, semantic caching, agent governance, pre-action checks, workflow harness, structured data provenance, ThumbGate">
+<meta property="og:title" content="Cost-Aware Agent Gate Routing">
+<meta property="og:description" content="Use deterministic checks, semantic cache, local classifiers, and LLM judges in the right order before an agent action runs.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/cost-aware-agent-gate-routing">
+<link rel="canonical" href="https://thumbgate.ai/learn/cost-aware-agent-gate-routing">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Cost-Aware Agent Gate Routing",
+  "description": "How ThumbGate routes agent checks through deterministic rules, semantic cache, local classifiers, LLM judges, and human review so teams avoid unnecessary latency, tokens, and provider calls.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "datePublished": "2026-06-03",
+  "dateModified": "2026-06-03",
+  "mainEntityOfPage": "https://thumbgate.ai/learn/cost-aware-agent-gate-routing",
+  "about": [
+    {"@type": "Thing", "name": "pre-action checks"},
+    {"@type": "Thing", "name": "semantic caching"},
+    {"@type": "Thing", "name": "LLM classifiers"},
+    {"@type": "Thing", "name": "agent workflows"}
+  ]
+}
+</script>
+
+<link rel="stylesheet" href="/learn/learn.css">
+<style>
+  .matrix { width: 100%; border-collapse: collapse; margin: 1rem 0 1.5rem; }
+  .matrix th, .matrix td { text-align: left; padding: 0.7rem 0.8rem; border-bottom: 1px solid var(--border); vertical-align: top; }
+  .matrix th { color: var(--cyan); font-weight: 600; }
+  .command { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; margin: 1rem 0; overflow-x: auto; }
+</style>
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / Cost-Aware Gate Routing</div>
+  <h1>Cost-aware agent gates: rules first, models last.</h1>
+  <p style="color:var(--muted);">7 min read &middot; For teams trying to make agent governance fast enough to stay on by default</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> The expensive part of agent governance should not run on every action. ThumbGate should route checks through deterministic rules, semantic cache, local text classifiers, and local semantic recall before using an LLM judge. High-risk private ambiguity should stop for human review instead of calling a cloud model.</div>
+
+  <h2>The pattern across the latest agent infrastructure work</h2>
+  <p>The same lesson keeps showing up in different forms. Semantic caching cuts repeated LLM calls. Traditional text classifiers beat LLMs on speed and cost when labels are clear. Breadth-first query execution batches similar work instead of walking one branch at a time. Structured live dataset agents only become trustworthy when every row has source provenance. Streaming output removes dead air. Dynamic harnesses work best when critic, tournament, loop, and fan-out patterns are selected deliberately.</p>
+  <p>For ThumbGate, these are not separate product bets. They collapse into one control-plane rule: <strong>choose the cheapest reliable gate before the action runs.</strong></p>
+
+  <h2>The routing ladder</h2>
+  <table class="matrix">
+    <thead>
+      <tr>
+        <th>Lane</th>
+        <th>Use when</th>
+        <th>Why it is high ROI</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td>Deterministic</td>
+        <td>Secrets, force-push, destructive SQL, protected files, known repeated commands.</td>
+        <td>Near-zero latency, no tokens, no provider call. This is the default for exact policy risk.</td>
+      </tr>
+      <tr>
+        <td>Semantic cache</td>
+        <td>A prompt or action is semantically equivalent to a prior rejected or approved pattern.</td>
+        <td>Returns the cached decision without rerunning the judge. This is the AISG-style buyer message applied to pre-action checks.</td>
+      </tr>
+      <tr>
+        <td>Rubric gate</td>
+        <td>A critic/rubric loop failed a criterion, hit its cap, or lacks done evidence.</td>
+        <td>Turns LangChain-style rubric iteration into an enforcement event: block completion claims until the missing proof exists.</td>
+      </tr>
+      <tr>
+        <td>Local classical classifier</td>
+        <td>High-volume labels with enough examples and low ambiguity.</td>
+        <td>Fast and cheap for routine feedback triage, import classification, and known error families.</td>
+      </tr>
+      <tr>
+        <td>Local semantic recall</td>
+        <td>Few examples, fuzzy near-misses, or cross-session recurrence.</td>
+        <td>Keeps private context local while catching cases regex and keyword routing miss.</td>
+      </tr>
+      <tr>
+        <td>LLM judge</td>
+        <td>High-risk semantic ambiguity with explicit cloud permission and a budget cap.</td>
+        <td>Useful for critic/rubric review, multi-document evidence review, and structured provenance checks, but not for every action.</td>
+      </tr>
+      <tr>
+        <td>Human review</td>
+        <td>Private, regulated, payment, credential, customer-data, or unbounded external-posting risk.</td>
+        <td>Prevents automation from laundering a risky decision through a model call.</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <h2>What changed in ThumbGate</h2>
+  <p>ThumbGate now has a small, testable routing primitive that makes this policy explicit:</p>
+  <div class="command"><code>node scripts/classifier-routing.js --risk=high --ambiguity=0.82 --allow-cloud --latency-ms=5000</code></div>
+  <p>That command returns an evidence-requiring LLM judge lane. Add <code>--semantic-cache-hit</code>, and it reuses the prior decision without a provider call. Add <code>--rubric-failed</code> or <code>--structured-dataset --missing-provenance</code>, and it blocks completion through the rubric gate. Change the same high-risk ambiguous input to <code>--privacy-sensitive</code> without <code>--allow-cloud</code>, and it routes to human review instead.</p>
+
+  <h2>How the newer signals map to product work</h2>
+  <ul>
+    <li><strong>Scikit-LLM vs traditional classifiers:</strong> do not spend LLM calls on low-ambiguity bulk labels.</li>
+    <li><strong>Semantic proxy caching:</strong> reuse a prior decision when prompt meaning has not changed.</li>
+    <li><strong>LangChain-style rubrics:</strong> turn failed criteria into completion blockers instead of post-hoc scores.</li>
+    <li><strong>Shopify Cardinal BFS:</strong> batch and evaluate similar gate scopes together instead of repeatedly traversing the same nested context.</li>
+    <li><strong>BigSet-style dataset agents:</strong> require structured rows, source URLs, and retrieval traces before accepting live web data.</li>
+    <li><strong>Streaming agent output:</strong> stream progress events during long gate reviews so users know the gate is working.</li>
+    <li><strong>Dynamic harness patterns:</strong> use critic/rubric for correctness, tournament for ranking, loop-until-done for open-ended work, and fan-out/synthesize for parallel research.</li>
+  </ul>
+
+  <div class="callout callout-green">
+    <strong>Buyer proof:</strong> show the same risky action going through three routes: exact repeat blocked instantly, fuzzy repeat caught locally, and genuinely ambiguous production change paused for evidence or human review.
+  </div>
+
+  <h2>Implementation checklist</h2>
+  <ol>
+    <li>Put exact denials and approval boundaries in deterministic checks.</li>
+    <li>Cache semantically equivalent gate decisions with provenance and expiry.</li>
+    <li>Use local text classification for routine high-volume feedback labels.</li>
+    <li>Use local semantic recall for sparse, fuzzy, or cross-session lessons.</li>
+    <li>Treat failed rubrics and missing source provenance as gate failures, not just evaluation notes.</li>
+    <li>Reserve LLM judges for ambiguous high-value decisions with evidence requirements.</li>
+    <li>Stream progress for long reviews and record every routed decision in the audit trail.</li>
+  </ol>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Try the routing primitive</h2>
+    <p>Check the gate lane before spending tokens on a risky decision.</p>
+    <div class="cta-install">$ node scripts/classifier-routing.js --hard-rule --risk=critical</div>
+  </div>
+
+  <div class="related">
+    <h3>Related articles</h3>
+    <a href="/learn/deterministic-agent-workflows">Deterministic Agent Workflows Need Runtime Gates &rarr;</a>
+    <a href="/learn/agentic-os-team-governance">Agentic OS Team Governance &rarr;</a>
+    <a href="/learn/agentic-enterprise-context-brain">Agentic Enterprise Context Brain &rarr;</a>
+    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
+  </div>
+</div>
+
+<div class="sticky-cta">
+  <span style="color:var(--muted)">Install:</span>
+  <code>npx thumbgate init</code>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+</div>
+</body>
+</html>

package/public/learn/databricks-unity-ai-gateway-runtime-governance.html

@@ -0,0 +1,157 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Databricks Unity AI Gateway validates runtime AI governance - ThumbGate</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="Databricks Unity AI Gateway makes runtime AI governance mainstream. The next layer is local pre-action enforcement before developer agents call shell, browser, API, MCP, file, or deploy tools.">
+<meta name="keywords" content="Databricks Unity AI Gateway, AI governance, MCP governance, AI gateway, pre-action enforcement, PreToolUse, ThumbGate">
+<meta property="og:title" content="Databricks validates runtime AI governance">
+<meta property="og:description" content="Enterprise gateways govern the fleet. Local pre-action gates stop the agent action before it fires.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/databricks-unity-ai-gateway-runtime-governance">
+<link rel="canonical" href="https://thumbgate.ai/learn/databricks-unity-ai-gateway-runtime-governance">
+<link rel="stylesheet" href="/learn/learn.css">
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Databricks Unity AI Gateway validates runtime AI governance",
+  "description": "Databricks Unity AI Gateway makes runtime governance for models, agents, MCP services, tools, guardrails, observability, and AI cost controls mainstream. ThumbGate positions as the local pre-action enforcement layer for developer-agent workflows.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "datePublished": "2026-06-20",
+  "dateModified": "2026-06-20",
+  "mainEntityOfPage": "https://thumbgate.ai/learn/databricks-unity-ai-gateway-runtime-governance",
+  "about": [
+    {"@type": "Thing", "name": "Databricks Unity AI Gateway"},
+    {"@type": "Thing", "name": "runtime AI governance"},
+    {"@type": "Thing", "name": "MCP governance"},
+    {"@type": "Thing", "name": "pre-action gates"}
+  ]
+}
+</script>
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "What does Databricks Unity AI Gateway change for agent governance?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "It moves the market conversation from static AI governance to runtime governance across models, agents, MCP services, skills, tools, observability, guardrails, and cost controls."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Where does ThumbGate fit?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "ThumbGate fits at the local pre-action boundary. It gates the concrete tool action before a developer agent runs shell, edits files, calls MCP tools, opens browsers, hits APIs, or deploys."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Is this a Databricks partnership claim?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. ThumbGate is not claiming partnership, certification, or endorsement by Databricks. The page uses public Databricks materials as market evidence for runtime governance."
+      }
+    }
+  ]
+}
+</script>
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/compare">Compare</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / Databricks Unity AI Gateway</div>
+  <h1>Databricks validates runtime AI governance. The next layer is pre-action enforcement.</h1>
+  <p style="color:var(--muted);">5 min read &middot; For teams turning enterprise gateway announcements into local agent controls</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> Databricks Unity AI Gateway is a strong market signal: agent governance is moving into runtime interactions across models, agents, MCP services, tools, cost controls, and observability. ThumbGate should ride that signal by owning the local pre-action gate: the moment before a developer agent calls shell, file, browser, API, MCP, or deploy tools.</div>
+
+  <h2>What Databricks made obvious</h2>
+  <p>Databricks describes Unity AI Gateway as governance for enterprise AI runtime interactions. Its launch materials talk about centralizing access and monitoring across AI providers, coding agents, frameworks, applications, custom AI systems, MCP services, tools, guardrails, and AI cost controls.</p>
+  <p>That matters because it tells the buyer what the market now believes: governance cannot stop at policy documents, model catalogs, or dashboards. Once agents use tools, governance has to sit in the path of runtime decisions.</p>
+
+  <h2>Gateway vs gate</h2>
+  <p>An enterprise gateway answers questions like: Which model can this app call? Which MCP service is approved? Which team is burning tokens? Which guardrail applies to this route?</p>
+  <p>A local pre-action gate asks a different question: Should this specific agent action run right now?</p>
+  <ul>
+    <li>Should this command run in this directory?</li>
+    <li>Should this file edit proceed without a verified source?</li>
+    <li>Should this Reddit, LinkedIn, X, or Bluesky post publish without action-time confirmation?</li>
+    <li>Should this deploy continue when tests have not run?</li>
+    <li>Should a repeated failure become a durable prevention rule?</li>
+  </ul>
+
+  <h2>The gap teams still hit locally</h2>
+  <p>Even with a gateway, the developer's local agent can still drift: it can make the same bad claim, call the wrong tool, touch the wrong file, post externally without approval, or spend tokens on a loop that should have stopped earlier. Those are not abstract governance problems. They are workflow failures.</p>
+  <p>ThumbGate's position is not "replace the gateway." The position is: <strong>gateway plus gate</strong>. Use the enterprise gateway for provider, model, service, MCP, and cost governance. Use ThumbGate at the local action boundary where the agent is about to do something irreversible or expensive.</p>
+
+  <h2>What to test this week</h2>
+  <ol>
+    <li>Pick one repeated developer-agent failure: unsafe shell, unsupported claim, unapproved external post, missing test proof, wrong MCP tool, or runaway loop.</li>
+    <li>Turn it into a ThumbGate rule.</li>
+    <li>Run the workflow again and capture whether the bad action is blocked before the tool fires.</li>
+    <li>Package the result as a small proof run: failure, gate, replay, result.</li>
+  </ol>
+
+  <div class="callout callout-green">
+    <p><strong>Revenue framing:</strong> Databricks creates air cover for the budget line. ThumbGate sells the proof run: "Show me one workflow where your agent keeps repeating the same expensive mistake, and I will gate it before action."</p>
+  </div>
+
+  <h2>Sources and positioning</h2>
+  <p>This article is based on public Databricks materials, including the June 2026 Unity AI Gateway launch posts and product page. ThumbGate is not a Databricks partner, product, certification, or endorsed integration. The comparison is architectural positioning.</p>
+  <ul>
+    <li><a href="https://www.databricks.com/blog/ai-governance-data-ai-summit-2026-whats-new-unity-ai-gateway" target="_blank" rel="noopener">Databricks: AI governance at Data + AI Summit 2026</a></li>
+    <li><a href="https://www.databricks.com/blog/whats-new-unity-ai-gateway-service-policies-guardrails-observability-and-cost-controls-ai" target="_blank" rel="noopener">Databricks: service policies, guardrails, observability, and cost controls</a></li>
+    <li><a href="https://www.databricks.com/product/artificial-intelligence/unity-ai-gateway" target="_blank" rel="noopener">Databricks: Unity AI Gateway product page</a></li>
+  </ul>
+
+  <div class="cta-box">
+    <h2>Run the local gate</h2>
+    <p>Start with one repeated agent failure. Gate it before the action executes.</p>
+    <div class="cta-install">npx thumbgate init</div>
+    <div class="cta-actions">
+      <a class="cta-link" href="/compare/databricks-unity-ai-gateway">Compare gateway vs gate</a>
+      <a class="cta-link cta-link-secondary" href="/learn/mcp-pre-action-checks-explained">Read MCP pre-action checks</a>
+    </div>
+  </div>
+
+  <div class="related">
+    <h2>Related</h2>
+    <a href="/compare/databricks-unity-ai-gateway">ThumbGate vs Databricks Unity AI Gateway</a>
+    <a href="/learn/cost-aware-agent-gate-routing">Cost-aware agent gate routing</a>
+    <a href="/learn/background-agent-control-layer">Background agent control layer</a>
+  </div>
+</div>
+
+<div class="sticky-cta">
+  <span>Gate one repeated agent failure</span>
+  <code>npx thumbgate init</code>
+  <a href="/guide?utm_source=databricks_unity_ai_gateway&utm_medium=learn&utm_campaign=runtime_governance">Setup guide</a>
+</div>
+
+</body>
+</html>