thumbgate 1.27.8 → 1.27.10

package/public/compare/oak-and-sparrow-gatekeeper.html

@@ -0,0 +1,289 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+<title>ThumbGate vs Gatekeeper (Oak & Sparrow) | Agent-Action Gate Pairs With Workforce-Input Gate</title>
+<meta name="description" content="Oak & Sparrow's Gatekeeper sits at the browser boundary to block employees from pasting regulated data into ChatGPT/Copilot/Gemini. ThumbGate sits at the PreToolUse boundary to block AI coding agents from executing bad tool calls. Same deterministic-gate philosophy, different layers. Use both for full coverage." />
+<meta property="og:title" content="ThumbGate vs Gatekeeper | Agent-Action Gate Pairs With Workforce-Input Gate" />
+<meta property="og:description" content="Gatekeeper stops employees from leaking regulated data into commercial AI. ThumbGate stops coding agents from executing bad tool calls. Both deterministic, no AI in the gate. Complementary." />
+<meta property="og:type" content="article" />
+<meta property="og:url" content="https://thumbgate.ai/compare/oak-and-sparrow-gatekeeper" />
+<link rel="canonical" href="https://thumbgate.ai/compare/oak-and-sparrow-gatekeeper" />
+<link rel="llm-context" href="/llm-context.md" type="text/markdown" />
+<link rel="icon" type="image/png" href="/thumbgate-icon.png" />
+<link rel="apple-touch-icon" href="/assets/brand/thumbgate-mark.svg" />
+<meta property="og:image" content="/og.png" />
+<style>
+  :root { --bg: #0a0a0b; --bg-raised: #111113; --bg-card: #161618; --line: #222225; --text: #e8e8ec; --muted: #8b8b96; --cyan: #22d3ee; --green: #4ade80; --amber: #fbbf24; }
+  * { box-sizing: border-box; }
+  body { margin: 0; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif; background: var(--bg); color: var(--text); line-height: 1.65; }
+  a { color: var(--cyan); text-decoration: none; }
+  a:hover { text-decoration: underline; }
+  .container { max-width: 980px; margin: 0 auto; padding: 0 24px; }
+  .topbar { position: sticky; top: 0; z-index: 20; backdrop-filter: blur(12px); background: rgba(10, 10, 11, 0.88); border-bottom: 1px solid var(--line); }
+  .topbar .container { display: flex; justify-content: space-between; align-items: center; padding-top: 14px; padding-bottom: 14px; }
+  .brand { font-weight: 700; color: var(--text); display: inline-flex; align-items: center; gap: 8px; text-decoration: none; }
+  .brand .logo-mark { width: 28px; height: 28px; display: block; }
+  .hero { padding: 72px 0 32px; }
+  .eyebrow { display: inline-flex; align-items: center; gap: 8px; padding: 6px 12px; border-radius: 999px; border: 1px solid rgba(34, 211, 238, 0.22); background: rgba(34, 211, 238, 0.1); color: var(--cyan); text-transform: uppercase; letter-spacing: 0.08em; font-size: 12px; font-weight: 700; }
+  h1 { font-size: clamp(34px, 5vw, 56px); line-height: 1.06; letter-spacing: -0.04em; margin: 16px 0; max-width: 860px; }
+  .hero p { max-width: 760px; color: var(--muted); font-size: 18px; }
+  .grid { display: grid; grid-template-columns: minmax(0, 2fr) minmax(280px, 1fr); gap: 24px; padding-bottom: 72px; }
+  .card, .detail-section, .sidebar-card { background: var(--bg-card); border: 1px solid var(--line); border-radius: 16px; }
+  .card { padding: 24px; }
+  .detail-section { padding: 24px; margin-bottom: 18px; }
+  .detail-section h2 { margin: 0 0 12px; font-size: 24px; letter-spacing: -0.03em; }
+  .detail-section p, .detail-section li, .sidebar-card p { color: var(--muted); }
+  .detail-section ul, .card ul { padding-left: 18px; color: var(--muted); }
+  .comparison-table { width: 100%; border-collapse: collapse; margin-top: 16px; font-size: 14px; }
+  .comparison-table th, .comparison-table td { border: 1px solid var(--line); padding: 12px; text-align: left; vertical-align: top; }
+  .comparison-table th { background: var(--bg-raised); color: var(--cyan); }
+  .pill-row { display: flex; flex-wrap: wrap; gap: 12px; margin-top: 24px; }
+  .pill { border: 1px solid var(--line); background: var(--bg-raised); border-radius: 999px; padding: 10px 14px; font-size: 14px; font-weight: 650; }
+  .pill.good { color: #b8f7c8; border-color: rgba(74, 222, 128, 0.28); background: rgba(74, 222, 128, 0.1); }
+  .pill.warn { color: #ffe2a4; border-color: rgba(251, 191, 36, 0.28); background: rgba(251, 191, 36, 0.1); }
+  .sidebar { display: flex; flex-direction: column; gap: 18px; }
+  .sidebar-card { padding: 20px; }
+  .sidebar-card:first-child { position: sticky; top: 84px; max-height: calc(100vh - 104px); overflow-y: auto; -webkit-overflow-scrolling: touch; }
+  .cta-button { display: inline-flex; align-items: center; justify-content: center; margin-top: 18px; padding: 12px 16px; border-radius: 10px; background: var(--cyan); color: #071116; font-weight: 700; text-decoration: none; }
+  .related-card { display: block; padding: 14px; border-radius: 12px; border: 1px solid var(--line); background: var(--bg-raised); margin-top: 12px; color: var(--text); }
+  .related-label { display: block; color: var(--muted); font-size: 12px; text-transform: uppercase; letter-spacing: 0.08em; margin-bottom: 4px; }
+  .faq-item { border-top: 1px solid var(--line); padding: 14px 0; }
+  .faq-item summary { cursor: pointer; font-weight: 600; }
+  .faq-item p { color: var(--muted); }
+  blockquote { border-left: 3px solid var(--cyan); margin: 14px 0; padding: 6px 16px; color: var(--text); font-style: italic; background: rgba(34, 211, 238, 0.05); }
+  @media (max-width: 860px) { .grid { grid-template-columns: 1fr; } .sidebar-card:first-child { position: static; max-height: none; overflow: visible; } }
+</style>
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "ThumbGate vs Gatekeeper (Oak & Sparrow Systems)",
+  "description": "Gatekeeper intercepts employee inputs to commercial AI systems (ChatGPT, Copilot, Gemini) at the browser boundary, blocking violations of HIPAA, FERPA, CCPA, COPPA, CPNI, PCI, FINRA, and the EU AI Act. ThumbGate intercepts AI coding agent tool calls at the PreToolUse boundary inside Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode, and Claude Desktop. Same deterministic-gate architectural philosophy. Different layers, different buyers, zero overlap.",
+  "about": ["thumbgate vs gatekeeper", "AI governance enforcement layer", "PreToolUse hooks vs browser-boundary interception", "deterministic AI gates"],
+  "url": "https://thumbgate.ai/compare/oak-and-sparrow-gatekeeper",
+  "publisher": { "@type": "Organization", "name": "ThumbGate", "url": "https://thumbgate.ai" },
+  "mainEntityOfPage": "https://thumbgate.ai/compare/oak-and-sparrow-gatekeeper"
+}
+</script>
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "Is Gatekeeper a competitor to ThumbGate?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Architectural cousins, not competitors. Both products share the same enforcement philosophy: deterministic rules, no AI in the gate, sealed audit evidence. But they operate on different surfaces. Gatekeeper (by Oak & Sparrow Systems Enterprise) intercepts the input box of commercial AI tools that employees use — ChatGPT, Copilot, Gemini — at the browser boundary, before regulated data leaves the building. ThumbGate intercepts the tool call an AI coding agent is about to execute — bash, SQL, file write, HTTP fetch, MCP tool — before the side effect happens. Same architectural class, complementary scope."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Should I use Gatekeeper or ThumbGate?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Use both if you have both threats. If your concern is employees pasting customer SSNs, PHI, financial records, or other regulated data into ChatGPT/Copilot/Gemini and you need legal-evidence-grade proof that the block happened, that is Gatekeeper's job — it ships 93 deontic rules mapped to HIPAA, FERPA, CCPA, COPPA, CPNI, PCI, FINRA, the EU AI Act, and state chatbot laws. If your concern is an AI coding agent (Claude Code, Cursor, Codex, Gemini CLI, Amp, Cline, OpenCode) running rm -rf, force-pushing main, dropping a production table, or fetching from a privilege-leaking external URL, that is ThumbGate's job."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Do they overlap technically?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. Gatekeeper hooks the browser; ThumbGate hooks the PreToolUse boundary inside agent runtimes. Different attach points, different request shapes, different rule corpora (statute-derived vs operator-feedback-derived). Running both does not create policy conflicts because each sees a different request layer."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Both say 'deterministic, no AI in the gate'. Why is that important?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "An enforcement layer that calls an LLM to decide whether to block introduces the same non-determinism the layer is supposed to fix. Both Gatekeeper and ThumbGate solve this the same way: pure pattern matching against a deterministic rule set. Gatekeeper's rules are derived from statutes (each rule maps to a specific legal citation). ThumbGate's rules are derived from operator feedback through Thompson Sampling auto-promotion (each rule must pass precision/recall thresholds before going live). Different sources of truth, same fast / auditable / no-LLM enforcement path."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Can a regulated firm (law, finance, healthcare) install both?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Yes. The most common dual-use story we expect: a firm uses Gatekeeper to enforce that no PHI / FERPA-protected / non-public-personal-info text gets pasted into ChatGPT by anyone in the org, AND uses ThumbGate to enforce that the firm's AI coding agents and intake bots cannot execute privileged actions (unauthorized practice of law, conflict-of-interest violations, privilege-leaking egress) when they generate code or take tool actions inside Claude Code / Cursor / Codex. Workforce-input gate + agent-action gate covers the AI compliance perimeter end to end."
+      }
+    }
+  ]
+}
+</script>
+</head>
+<body>
+<div class="topbar">
+  <div class="container">
+    <a class="brand" href="/"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+    <a href="https://github.com/IgorGanapolsky/ThumbGate/blob/main/docs/VERIFICATION_EVIDENCE.md" target="_blank" rel="noopener">Verification evidence</a>
+  </div>
+</div>
+
+<section class="hero">
+  <div class="container">
+    <span class="eyebrow">ThumbGate vs Gatekeeper (Oak &amp; Sparrow)</span>
+    <h1>Gatekeeper stops employees leaking data into ChatGPT. ThumbGate stops coding agents executing bad tool calls. Same philosophy, different layer.</h1>
+    <p><strong>Gatekeeper</strong> (by <a href="https://oakandsparrowsystemsenterprise.io/" target="_blank" rel="noopener">Oak &amp; Sparrow Systems Enterprise</a>) intercepts every input an employee types into a commercial AI system (ChatGPT, Copilot, Gemini) at the browser boundary, blocking violations of HIPAA, FERPA, CCPA, COPPA, CPNI, PCI, FINRA, and the EU AI Act before the data leaves the building. <strong>ThumbGate</strong> intercepts the tool call an AI coding agent is about to make — bash, SQL, file write, MCP tool, outbound LLM call — inside Claude Code, Cursor, OpenAI Codex CLI, Google Gemini CLI, Sourcegraph Amp, Cline, OpenCode, and Claude Desktop. Both products say *"deterministic enforcement, no AI in the gate."* They mean it.</p>
+    <div class="pill-row">
+      <span class="pill">Both deterministic</span>
+      <span class="pill">Both no AI in the gate</span>
+      <span class="pill">Different surfaces</span>
+      <span class="pill good">Use both for full coverage</span>
+    </div>
+  </div>
+</section>
+
+<div class="container grid">
+  <main>
+    <article class="detail-section">
+      <h2>Side-by-side scope comparison</h2>
+      <table class="comparison-table">
+        <thead>
+          <tr>
+            <th>Capability</th>
+            <th>Gatekeeper (Oak &amp; Sparrow)</th>
+            <th>ThumbGate</th>
+          </tr>
+        </thead>
+        <tbody>
+          <tr>
+            <td>What it intercepts</td>
+            <td>Every input an employee types into a commercial AI system (ChatGPT, Copilot, Gemini), at the browser boundary, before transmission</td>
+            <td>Every tool call an AI coding agent attempts (bash, SQL, file write, HTTP fetch, MCP tool), at the PreToolUse boundary inside the agent runtime, before execution</td>
+          </tr>
+          <tr>
+            <td>Who buys it</td>
+            <td>Compliance officers, CISOs, legal teams at regulated firms (healthcare, finance, education, telco)</td>
+            <td>Engineering leaders + devs using AI coding agents; law firms / regulated dev teams adopting agentic intake workflows</td>
+          </tr>
+          <tr>
+            <td>Rule source</td>
+            <td>93 deontic rules derived from active statutes (HIPAA, FERPA, CCPA/CPRA, COPPA, CPNI, PCI DSS, FINRA, EU AI Act, SB-1001 CA, Colorado AI Act). Each rule maps to a specific legal citation.</td>
+            <td>Operator feedback (👍/👎) auto-promoted via Thompson Sampling; LLM-generated candidates that must pass precision/recall gates before activation. Each rule traceable to the lesson that produced it.</td>
+          </tr>
+          <tr>
+            <td>Enforcement primitive</td>
+            <td>Deterministic pattern matching; no AI in the gate</td>
+            <td>Deterministic pattern matching; no LLM in the gate</td>
+          </tr>
+          <tr>
+            <td>Evidence output</td>
+            <td>SHA-256 linked artifacts, timestamped, hashed, chain-linked, statute-referenced — designed as legal evidence</td>
+            <td>Audit log entries with rule version + source lesson + decision + reviewer + timestamp; DPO preference pairs for downstream model hardening; HuggingFace dataset export</td>
+          </tr>
+          <tr>
+            <td>Status surface</td>
+            <td>GREEN (system ran) / YELLOW (risk caught) / RED (violation prevented)</td>
+            <td>Per-agent / per-gate hit rates, agent inventory, remediations, token-savings telemetry on <a href="/dashboard">/dashboard</a></td>
+          </tr>
+          <tr>
+            <td>Attach point</td>
+            <td>Browser extension / web boundary, before the HTTP request to OpenAI / Microsoft / Google reaches the AI provider</td>
+            <td>PreToolUse hook inside the agent runtime, before the tool call (bash, SQL, MCP, etc.) hits the OS / network</td>
+          </tr>
+          <tr>
+            <td>License / availability</td>
+            <td>Enterprise (no public pricing published as of 2026-05-27)</td>
+            <td>MIT-licensed npm package (free local CLI); $19/mo Pro for hosted sync + dashboard + DPO export; $49/seat Team for shared lesson DB + workflow hardening</td>
+          </tr>
+        </tbody>
+      </table>
+    </article>
+
+    <article class="detail-section">
+      <h2>The shared architectural insight</h2>
+      <p>Gatekeeper's site frames its core design constraint in eight words:</p>
+      <blockquote>"Deterministic enforcement — no AI in the gate."</blockquote>
+      <p>ThumbGate ships the same constraint, written in our own architecture docs as <em>"no LLM on the enforcement path."</em> Both products converge on the same conclusion for the same reason: an enforcement layer that calls an LLM to decide whether to block re-introduces the non-determinism the layer is supposed to remove. A gate that occasionally hallucinates is not a gate — it is a suggestion.</p>
+      <p>The deterministic constraint forces a different question: <em>where does the rule corpus come from?</em></p>
+      <ul>
+        <li><strong>Gatekeeper's answer:</strong> derive rules from statutes. Each of the 93 deontic rules maps to a specific legal citation. The ontology is built from the law, not from assumptions. This makes the output usable as legal evidence in regulated industries.</li>
+        <li><strong>ThumbGate's answer:</strong> derive rules from operator feedback. 👎 thumbs-down on a bad agent action becomes a history-aware lesson, then a candidate prevention rule, then — only after passing precision/recall gates — an enforced Pre-Action Check. The ontology is built from observed agent mistakes, not from assumed ones.</li>
+      </ul>
+      <p>Same enforcement primitive. Different rule provenance. Use both if both data sources matter to your compliance posture.</p>
+    </article>
+
+    <article class="detail-section">
+      <h2>The dual-deploy story we expect for regulated firms</h2>
+      <p>The buyer who needs both products at once is a regulated firm adopting AI coding agents for internal automation. A concrete picture:</p>
+      <p>A law firm has 600 lawyers and paralegals using ChatGPT for routine drafting. <strong>Gatekeeper</strong> sits in the browser and blocks any input containing PHI markers, ABA Rule 5.5 — Unauthorized Practice of Law indicators, conflict-of-interest markers, or attorney-client privileged content from leaving the firm boundary. Every block is sealed as legal evidence the firm can produce in an ethics inquiry.</p>
+      <p>The same firm has built an AI intake bot using Cursor + Anthropic's API that handles inbound client questions. <strong>ThumbGate</strong> sits at the PreToolUse boundary inside that bot's agent runtime and blocks (a) advice-shaped output ("you should file in the Southern District of Florida") that would constitute unauthorized practice of law from a non-attorney source, (b) document fetches against parties already on the firm's adverse-parties list, and (c) outbound LLM calls carrying privilege markers. We've published interactive demos of all three gates at <a href="/ai-malpractice-prevention#live-gate-demos">/ai-malpractice-prevention</a>.</p>
+      <p>One stack: workforce-input gate + agent-action gate. End-to-end AI compliance perimeter.</p>
+    </article>
+
+    <article class="detail-section">
+      <h2>FAQ</h2>
+      <details class="faq-item" open>
+        <summary>Is Gatekeeper a competitor to ThumbGate?</summary>
+        <p>Architectural cousins, not competitors. Same enforcement philosophy (deterministic, no AI in the gate, sealed audit), different surfaces (employee browser input vs agent tool call). Different buyers. Different rule corpora. Zero technical overlap.</p>
+      </details>
+      <details class="faq-item">
+        <summary>Should I use Gatekeeper or ThumbGate?</summary>
+        <p>Use both if you have both threats. Gatekeeper for employees pasting regulated data into commercial AI. ThumbGate for AI coding agents executing bad tool calls. They cover different halves of the AI compliance perimeter.</p>
+      </details>
+      <details class="faq-item">
+        <summary>Do they overlap technically?</summary>
+        <p>No. Gatekeeper hooks the browser; ThumbGate hooks the PreToolUse boundary inside agent runtimes. Different attach points, different request shapes, different rule corpora. Running both does not create policy conflicts.</p>
+      </details>
+      <details class="faq-item">
+        <summary>Both say "deterministic, no AI in the gate." Why?</summary>
+        <p>An enforcement layer that calls an LLM to decide whether to block introduces the same non-determinism the layer is supposed to remove. Both products converge on pure pattern matching against a deterministic rule set for that reason.</p>
+      </details>
+      <details class="faq-item">
+        <summary>Where do I start?</summary>
+        <p>Talk to <a href="https://oakandsparrowsystemsenterprise.io/" target="_blank" rel="noopener">Oak &amp; Sparrow</a> for workforce-input governance against ChatGPT / Copilot / Gemini. <code>npx thumbgate init</code> for AI coding agent runtime governance against Claude Code / Cursor / Codex / Gemini CLI / Amp / Cline / OpenCode / Claude Desktop. Different sales motions, different deployment surfaces.</p>
+      </details>
+    </article>
+  </main>
+
+  <aside class="sidebar">
+    <div class="sidebar-card">
+      <h3 style="margin: 0 0 8px;">Install ThumbGate free</h3>
+      <p>10 captures/day, 3 active rules, PreToolUse blocking across Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, Claude Desktop.</p>
+      <pre style="background: var(--bg-raised); border: 1px solid var(--line); border-radius: 8px; padding: 12px; font-size: 13px; overflow: auto;">npx thumbgate init</pre>
+      <a class="cta-button" href="/pricing">See Pro vs Team pricing →</a>
+      <p style="font-size: 12px; margin-top: 16px;">MIT licensed. No telemetry without opt-in. <code>THUMBGATE_NO_TELEMETRY=1</code> disables.</p>
+    </div>
+
+    <div class="sidebar-card">
+      <span class="related-label">Visit Oak &amp; Sparrow</span>
+      <p style="font-size: 13px;">Workforce-input governance for ChatGPT / Copilot / Gemini at the browser boundary. <a href="https://oakandsparrowsystemsenterprise.io/" target="_blank" rel="noopener">oakandsparrowsystemsenterprise.io</a></p>
+    </div>
+
+    <div class="sidebar-card">
+      <span class="related-label">Related comparisons</span>
+      <a class="related-card" href="/compare/anthropic-containment">
+        <strong>ThumbGate vs Anthropic's Claude Containment</strong><br>
+        <span style="color: var(--muted); font-size: 13px;">IDE-agent extension of Anthropic's published architecture</span>
+      </a>
+      <a class="related-card" href="/compare/bumblebee">
+        <strong>ThumbGate vs Bumblebee</strong><br>
+        <span style="color: var(--muted); font-size: 13px;">Runtime enforcement vs Perplexity's static MCP inventory</span>
+      </a>
+      <a class="related-card" href="/compare/claude-code-hooks">
+        <strong>ThumbGate vs claude-code-hooks</strong><br>
+        <span style="color: var(--muted); font-size: 13px;">Hosted sync vs local shell scripts</span>
+      </a>
+      <a class="related-card" href="/compare/arcjet">
+        <strong>ThumbGate vs Arcjet</strong><br>
+        <span style="color: var(--muted); font-size: 13px;">Agent-outbound gate vs app-inbound firewall</span>
+      </a>
+      <a class="related-card" href="/compare/anthropic-claude-for-legal">
+        <strong>ThumbGate vs Claude for Legal</strong><br>
+        <span style="color: var(--muted); font-size: 13px;">Runtime feedback-to-enforcement loop underneath Anthropic's legal bundle</span>
+      </a>
+    </div>
+
+    <div class="sidebar-card">
+      <span class="related-label">Sources</span>
+      <p style="font-size: 13px;">Gatekeeper feature claims and verbatim quotes from <a href="https://oakandsparrowsystemsenterprise.io/" target="_blank" rel="noopener">oakandsparrowsystemsenterprise.io</a> as of 2026-05-27. If anything here misrepresents Gatekeeper, open an issue at <a href="https://github.com/IgorGanapolsky/ThumbGate/issues" target="_blank" rel="noopener">our repo</a> and we'll correct it.</p>
+    </div>
+  </aside>
+</div>
+</body>
+</html>

package/public/compare/rein.html

@@ -0,0 +1,236 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ThumbGate vs Rein — Coding-Agent Governance vs Generic Decorator Governance</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="ThumbGate vs Rein for AI agent governance. Rein is a generic decorator for production apps in regulated domains. ThumbGate is the coding-agent specialist with a learning feedback loop and MIT licensing.">
+<meta name="keywords" content="AI agent governance, Rein, ThumbGate, runtime governance, pre-action hooks, agent decorator, coding agent guardrails">
+<meta property="og:title" content="ThumbGate vs Rein — Coding-Agent Governance vs Generic Decorator Governance">
+<meta property="og:description" content="Both intercept agent actions before damage. Different layers, different domains, different licenses. Honest side-by-side.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/compare/rein">
+<link rel="canonical" href="https://thumbgate.ai/compare/rein">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "ThumbGate vs Rein — Coding-Agent Governance vs Generic Decorator Governance",
+  "description": "Side-by-side comparison of two pre-action governance layers for AI agents. ThumbGate specializes in AI coding agents (Claude Code, Cursor, Codex). Rein is a generic decorator targeted at production apps in regulated domains.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "datePublished": "2026-05-15",
+  "dateModified": "2026-05-15",
+  "mainEntityOfPage": "https://thumbgate.ai/compare/rein"
+}
+</script>
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "What's the difference between Rein and ThumbGate?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Both intercept an agent's action before it fires — that's the shared category. Rein is a generic in-process Python decorator aimed at production apps in regulated domains (trading, healthcare, legal), where each decision is high-stakes and policies are authored by hand. ThumbGate is the coding-agent specialist for Claude Code, Cursor, Codex, Gemini, Amp, Cline, and OpenCode: it intercepts at the out-of-process PreToolUse hook boundary and learns from thumbs-down corrections, auto-promoting them into prevention rules that persist across sessions. Same pre-action thesis, different target user."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Can I use Rein and ThumbGate together?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Yes. They don't conflict and they aren't direct alternatives. Rein governs a production application's agent at the decorated-function boundary; ThumbGate governs your engineering team's coding agents at the PreToolUse boundary. A team running both a regulated production agent and an AI coding workflow can use Rein for the first and ThumbGate for the second."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Does ThumbGate require code changes like Rein's decorator?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. Rein integrates as a Python decorator you wrap around each tool function. ThumbGate installs with npx thumbgate init, which auto-detects the agent and wires the PreToolUse hooks with zero workflow change. It runs out-of-process at the agent runtime boundary, so dangerous calls are caught before the agent's process even attempts them."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Is ThumbGate open source like Rein?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "ThumbGate's CLI and hook layer are MIT licensed — open-core, not viral — with commercial licensing for Pro and Team features. Rein's exact license should be confirmed at reinai.io before you make a distribution decision; a secondary source summarized it as AGPL, but we have not independently verified that, so check the primary source."
+      }
+    }
+  ]
+}
+</script>
+
+<link rel="stylesheet" href="/learn/learn.css">
+<style>
+  .matrix { width: 100%; border-collapse: collapse; margin: 1.5rem 0; font-size: 0.95rem; }
+  .matrix th, .matrix td { padding: 12px 14px; text-align: left; border-bottom: 1px solid var(--border); vertical-align: top; }
+  .matrix th { background: var(--bg-card); font-weight: 600; }
+  .matrix td:nth-child(2) { color: var(--muted); }
+  .matrix td:nth-child(3) { color: var(--text); }
+  .verdict { font-weight: 600; color: var(--green); }
+  .pair { display: grid; grid-template-columns: 1fr 1fr; gap: 16px; margin: 1.5rem 0; }
+  .pair > div { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; }
+  @media (max-width: 700px) { .pair { grid-template-columns: 1fr; } }
+</style>
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/pricing">Pricing</a>
+  <a href="/case-studies">Case Studies</a>
+  <a href="/compare">Compare</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/compare">Compare</a> / ThumbGate vs Rein</div>
+  <h1>ThumbGate vs Rein</h1>
+  <p style="color:var(--muted);">5 min read · For teams evaluating AI-agent runtime governance options</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> Both Rein and ThumbGate intercept agent actions before they fire — that's the shared category. The honest differences: Rein is a <em>generic in-process decorator</em> aimed at production apps in regulated domains (trading, healthcare, legal). ThumbGate is the <em>coding-agent specialist</em> for Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, with a feedback loop that learns from thumbs-down corrections, plus MIT licensing on the core CLI + hook layer. <em>Note: Rein's exact license terms are documented at reinai.io; the source we read summarized them as "AGPL" but we have not independently verified — check the primary source before making a distribution decision.</em></div>
+
+  <h2>The shared thesis</h2>
+  <p>Both projects start from the same observation: most AI agent frameworks optimize for task completion, very few optimize for what happens when the agent does the wrong task. Both insert a gate <em>before</em> the action fires rather than trying to clean up after it.</p>
+
+  <p>Below is an honest side-by-side. We're not going to claim ThumbGate "wins" on every dimension — Rein is well-designed software with a legitimate niche. Pick by what you're actually building.</p>
+
+  <h2>Side-by-side</h2>
+
+  <table class="matrix">
+    <thead>
+      <tr><th style="width:28%;">Dimension</th><th style="width:36%;">Rein</th><th style="width:36%;">ThumbGate</th></tr>
+    </thead>
+    <tbody>
+      <tr>
+        <td><strong>Integration layer</strong></td>
+        <td>In-process Python decorator wrapping the agent's tool functions.</td>
+        <td>Out-of-process PreToolUse hook intercepting tool calls at the agent runtime boundary (Claude Code / Cursor / Codex / Gemini / Amp / Cline / OpenCode).</td>
+      </tr>
+      <tr>
+        <td><strong>Target domain</strong></td>
+        <td>Production apps in regulated domains: trading, healthcare, legal. High-stakes per-action.</td>
+        <td>AI coding agents. High-volume, high-frequency tool calls (file write, shell exec, git push, package install).</td>
+      </tr>
+      <tr>
+        <td><strong>Target user</strong></td>
+        <td>Engineering teams building production agent apps where each decision is consequential.</td>
+        <td>Developers and engineering teams running AI coding assistants who hit the same repeat mistake more than once.</td>
+      </tr>
+      <tr>
+        <td><strong>Core mechanisms</strong></td>
+        <td>Policy checks. Audit trails. Circuit breakers.</td>
+        <td>Pre-action checks. Thumbs-up/down feedback ledger. Auto-generated prevention rules. Lesson DB with semantic recall. Thompson Sampling for gate-policy bandits.</td>
+      </tr>
+      <tr>
+        <td><strong>Learning loop</strong></td>
+        <td>Not in the public framing. Policies are authored.</td>
+        <td>Yes. Thumbs-down feedback in one session auto-promotes to a prevention rule that blocks the same action in future sessions across machines.</td>
+      </tr>
+      <tr>
+        <td><strong>Domain skill packs</strong></td>
+        <td>Not in the public framing.</td>
+        <td>Ships Stripe, Railway, database-migration packs. Each pack is a set of pre-action rules specific to the domain's failure modes.</td>
+      </tr>
+      <tr>
+        <td><strong>License</strong></td>
+        <td>Open-source license per <a href="https://reinai.io">reinai.io</a> — verify the exact terms at the source before making a distribution decision. (Our secondary source summarized it as AGPL; we have not independently confirmed.)</td>
+        <td>MIT for the CLI and hook layer. Commercial license for Team / Pro features. Open-core, not viral.</td>
+      </tr>
+      <tr>
+        <td><strong>Installation</strong></td>
+        <td>Python decorator import.</td>
+        <td><code>npx thumbgate init</code> — auto-detects the agent, wires the hooks, zero workflow change.</td>
+      </tr>
+      <tr>
+        <td><strong>Cost when the agent is wrong</strong></td>
+        <td>Caught at the decorated function boundary.</td>
+        <td>Caught at the PreToolUse hook boundary, before the agent's process even attempts the call.</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <h2>When to pick which</h2>
+
+  <div class="pair">
+    <div>
+      <h3 style="margin-top:0;">Use <strong>Rein</strong> if</h3>
+      <ul>
+        <li>You're building a production application (not a coding agent) in a regulated domain</li>
+        <li>You write your agent in Python and want decorator-level integration</li>
+        <li>Your team has policy-authoring resources to write rules upfront</li>
+        <li>Rein's licensing terms (verify at reinai.io) are acceptable for your distribution model</li>
+        <li>Per-action stakes are high enough that a decorator wrapper is the right tradeoff</li>
+      </ul>
+    </div>
+    <div>
+      <h3 style="margin-top:0;">Use <strong>ThumbGate</strong> if</h3>
+      <ul>
+        <li>Your agent is Claude Code, Cursor, Codex, Gemini, Amp, Cline, or OpenCode</li>
+        <li>You want the gate to learn from your corrections instead of being authored by hand</li>
+        <li>Your team writes code (vs. authoring policy) and wants thumbs-down feedback as the primary signal</li>
+        <li>You need an MIT-licensed core layer that can be embedded in commercial products</li>
+        <li>You ship Domain Skill Packs as a feature (Stripe, Railway, database migrations)</li>
+      </ul>
+    </div>
+  </div>
+
+  <h2>Both, side by side, in the same stack</h2>
+
+  <p>The two projects don't conflict. Rein governs your production app's agent at the function boundary. ThumbGate governs your engineering team's coding agents at the PreToolUse boundary. The pre-action gate pattern is the shared category; the specialization differs. A team operating both an AI coding workflow and a regulated production agent can use ThumbGate for the first and Rein for the second.</p>
+
+  <div class="callout callout-green">
+    <strong>Honest framing:</strong> Rein and ThumbGate are not direct alternatives. We share a thesis. We do not share a target user.
+  </div>
+
+  <h2>What the category gets right</h2>
+
+  <p>Both projects are correct that the dominant failure mode of agent frameworks today is "you can't undo an action after the model already took it." Prompt-level rules in <code>CLAUDE.md</code> or <code>.cursorrules</code> are eviction-prone under context pressure. Decorator-level wrappers are tighter. Hook-level intercepts are tighter still. Sandbox isolation is the strongest. Pick the layer that matches your operating model.</p>
+
+  <h2>Adoption in two minutes (ThumbGate)</h2>
+
+  <ol>
+    <li><strong>Install:</strong> <code>npx thumbgate init</code> — the CLI detects your agent and wires PreToolUse hooks. No workflow change.</li>
+    <li><strong>Give feedback when the agent is wrong:</strong> a thumbs-down with context becomes a structured failure record.</li>
+    <li><strong>Prevention rules generate themselves:</strong> after repeated failures in the same domain, ThumbGate auto-promotes a prevention rule that fires the next time the agent tries the same pattern.</li>
+    <li><strong>Pre-action checks block the mistake:</strong> the PreToolUse hook intercepts the call. The agent gets a structured error and a path back to the spec.</li>
+  </ol>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Pick the layer that matches your stack</h2>
+    <p>Building a Python production agent in a regulated domain? Look at Rein. Running AI coding agents and want them to stop repeating the same mistake? Start with ThumbGate.</p>
+    <div class="cta-install">$ npx thumbgate init</div>
+  </div>
+
+  <div class="related">
+    <h3>Related comparisons</h3>
+    <a href="/compare/heidi">ThumbGate vs Heidi (Meterian supply-chain) →</a>
+    <a href="/compare/mem0">ThumbGate vs Mem0 (memory layer) →</a>
+    <a href="/compare">All comparisons →</a>
+  </div>
+</div>
+
+
+  <div class="sticky-cta">
+    <span style="color:var(--muted)">Try it now:</span>
+    <code>npx thumbgate init</code>
+    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+  </div>
+</body>
+</html>