thumbgate 1.27.8 → 1.27.9

package/public/index.html

@@ -20,7 +20,7 @@ __GOOGLE_SITE_VERIFICATION_META__
 <meta property="og:image" content="https://thumbgate.ai/og.png">
 <meta name="twitter:card" content="summary_large_image">
 <meta name="twitter:image" content="https://thumbgate.ai/og.png">
-<meta name="thumbgate-version" content="1.27.8">
+<meta name="thumbgate-version" content="1.27.7">
 <meta name="keywords" content="ThumbGate, thumbgate, AI agent orchestration, AI experience orchestration, agentic development cycle, AC/DC framework, Guide Generate Verify Solve, agent enforcement layer, save LLM tokens, reduce Claude API cost, reduce OpenAI cost, AI agent token savings, prevent LLM retries, prevent hallucination retries, stop AI token waste, pre-action checks, agent governance, Claude Code, Cursor, Codex, Gemini, Amp, Cline, OpenCode, workflow hardening, context engineering, AI authenticity, brand authenticity AI">
 <link rel="canonical" href="__APP_ORIGIN__/">
 <link rel="alternate" type="text/markdown" title="ThumbGate LLM context" href="__APP_ORIGIN__/llm-context.md">
@@ -337,7 +337,7 @@ __GA_BOOTSTRAP__
       "name": "How does ThumbGate reduce host blast radius for high-risk local runs?",
       "acceptedAnswer": {
         "@type": "Answer",
-        "text": "ThumbGate combines pre-action checks with execution guidance. Workflow Sentinel predicts risky local actions before they execute, and high-risk runs can be routed into Docker Sandboxes instead of running directly on the host. Enterprise workflows also have a signed hosted sandbox lane for isolated automation dispatch."
+        "text": "ThumbGate combines pre-action checks with execution guidance. Workflow Sentinel predicts risky local actions before they execute, and high-risk runs can be routed into Docker Sandboxes instead of running directly on the host. Team workflows also have a signed hosted sandbox lane for isolated automation dispatch."
       }
     },
     {
@@ -772,8 +772,8 @@ __GA_BOOTSTRAP__
 
     <div class="hero-actions">
       <a href="/checkout/pro?utm_source=website&utm_medium=hero_cta&utm_campaign=pro_upgrade&cta_id=hero_start_pro&cta_placement=hero&plan_id=pro&landing_path=%2F" data-revenue-cta data-cta-id="hero_start_pro" data-cta-placement="hero" data-tier="pro" data-plan-id="pro" data-price="19" onclick="trackRevenueCta(this);try{posthog.capture('hero_pro_checkout_click',{cta:'hero_start_pro',tier:'pro',price:19})}catch(_){}" class="btn-pro-page hero-pro hero-pro-primary">Start Pro — $19/mo</a>
-      <a href="#workflow-sprint-intake" onclick="try{posthog.capture('hero_sprint_click',{cta:'sprint_intake'})}catch(_){};sendFirstPartyTelemetry('hero_sprint_intake_started',{ctaId:'hero_workflow_sprint',ctaPlacement:'hero',offer:'workflow_sprint'});" class="btn-pro-page hero-pro">Workflow Hardening Sprint →</a>
-      <a href="/go/install?utm_source=website&utm_medium=hero_cta&utm_campaign=install_free&cta_id=hero_install_cli&cta_placement=hero" onclick="event.preventDefault(); navigator.clipboard.writeText('npx thumbgate init'); this.textContent='Copied ✓ — paste in your repo'; setTimeout(()=>{this.textContent='Install Free CLI'},2000); try{posthog.capture('hero_install_click',{cta:'install_cli'})}catch(_){}" class="btn-free btn-install-hero" title="Click to copy: npx thumbgate init">Install Free CLI</a>
+      <a href="#workflow-sprint-intake" onclick="try{posthog.capture('hero_sprint_click',{cta:'sprint_intake'})}catch(_){};sendFirstPartyTelemetry('hero_sprint_intake_started',{ctaId:'hero_workflow_sprint',ctaPlacement:'hero',offer:'workflow_sprint'});" class="btn-pro-page hero-pro">Send workflow first</a>
+      <a href="/go/install?utm_source=website&utm_medium=hero_cta&utm_campaign=install_free&cta_id=hero_install_cli&cta_placement=hero" onclick="event.preventDefault(); navigator.clipboard.writeText('npx thumbgate init'); this.textContent='Copied ✓ — paste in your repo'; setTimeout(()=>{this.textContent='Copy Free CLI'},2000); try{posthog.capture('hero_install_click',{cta:'install_cli'})}catch(_){}" class="btn-free btn-install-hero" title="Click to copy: npx thumbgate init">Copy Free CLI</a>
     </div>
 
     <div class="offer-router" aria-label="Choose the right ThumbGate path">
@@ -783,7 +783,7 @@ __GA_BOOTSTRAP__
         <a href="/checkout/pro?utm_source=website&utm_medium=offer_router&cta_id=router_start_pro&cta_placement=offer_router&plan_id=pro" data-revenue-cta data-cta-id="router_start_pro" data-cta-placement="offer_router" data-tier="pro" data-plan-id="pro" data-price="19" onclick="trackRevenueCta(this);">Pay $19/mo with Stripe →</a>
       </div>
       <div class="offer-route">
-        <strong>Enterprise workflow: Start with intake</strong>
+        <strong>Team workflow: Start with intake</strong>
         <p>One repeated failure, one owner, one proof plan.</p>
         <a href="#workflow-sprint-intake" onclick="sendFirstPartyTelemetry('workflow_sprint_intake_started',{ctaId:'router_workflow_sprint',ctaPlacement:'offer_router',offer:'workflow_sprint'});">Talk to us →</a>
       </div>
@@ -1094,21 +1094,6 @@ __GA_BOOTSTRAP__
         <p>Claude Code, Codex, Gemini CLI, Amp, and OpenCode all use the same gateway and memory model. Any MCP-compatible agent gets pre-action checks, feedback memory, and enforcement out of the box.</p>
         <div class="card-arrow">Open the setup guide →</div>
       </a>
-      <a class="compat-card seo-card" href="/guides/hermes-agent-guardrails" rel="noopener">
-        <h3>☤ Hermes Agent guardrails</h3>
-        <p>Hermes-style agents bring persistent memory, generated skills, messaging gateways, scheduled automations, and sandboxed execution. ThumbGate adds the safer self-evolution loop: propose rule and skill changes from failures, then gate them with evidence before anything overwrites stable instructions or repeats an expensive action.</p>
-        <div class="card-arrow">Read the Hermes guardrails guide →</div>
-      </a>
-      <a class="compat-card seo-card" href="/guides/vllm-serving-guardrails" rel="noopener">
-        <h3>vLLM serving guardrails</h3>
-        <p>vLLM makes self-hosted inference cheaper and faster with PagedAttention, continuous batching, chunked prefill, prefix caching, and optimized kernels. ThumbGate gates the routing change with latency, cache-isolation, benchmark, and rollback proof before agent traffic moves.</p>
-        <div class="card-arrow">Read the vLLM guardrails guide →</div>
-      </a>
-      <a class="compat-card seo-card" href="/guides/agent-context-governance" rel="noopener">
-        <h3>Context and tool governance</h3>
-        <p>Long-running agents need cleaner working context, approved model routes, isolated execution, tool lockdown, direct pushback, and evidence before high-risk actions. ThumbGate turns those controls into local pre-action gates.</p>
-        <div class="card-arrow">Read the context governance guide →</div>
-      </a>
       <a class="compat-card seo-card" href="/guides/gcp-mcp-guardrails" rel="noopener">
         <h3>☁️ Google Data Agent Kit</h3>
         <p>Cloud Next 2026 shipped BigQuery, Spanner, AlloyDB, and Cloud SQL as MCP tool calls into Claude Code, Codex, and Gemini CLI. ThumbGate checks the destructive ones — DROP on prod datasets, unscoped DELETEs, IAM escalation — before they fire.</p>
@@ -1159,7 +1144,7 @@ __GA_BOOTSTRAP__
         <p>Every block explains why: which pattern matched, what evidence triggered it, and whether the rule came from your own corrections.</p>
       </div>
       <div class="agent-card">
-        <h3>📊 Org Dashboard</h3>
+        <h3>📊 Org Dashboard (Team)</h3>
         <p>See which agents are creating review churn, which checks are saving time, and where rollout risk is still concentrated across the shared workflow.</p>
       </div>
       <div class="agent-card">
@@ -1182,28 +1167,6 @@ __GA_BOOTSTRAP__
   </div>
 </section>
 
-<section class="compatibility" id="governance-not-logging">
-  <div class="container">
-    <div class="section-label">Governance, Not Logging</div>
-    <h2 class="section-title">Logs describe the damage. ThumbGate blocks the risky action before it runs.</h2>
-    <p style="color:var(--text-dim);max-width:820px;margin:0 auto 22px;">Self-governance is an operator writing local rules and keeping local logs. ThumbGate starts there, then turns each correction into a pre-action decision: allow, block, require evidence, or route for approval before the tool call touches code, data, money, or customers.</p>
-    <div class="agent-grid">
-      <div class="agent-card">
-        <h3>Pre-action enforcement</h3>
-        <p>The rule is evaluated at the execution boundary, not after the fact. Repeated failures are stopped before shell commands, PR actions, deploys, refunds, or production writes run.</p>
-      </div>
-      <div class="agent-card">
-        <h3>Reviewable decision trail</h3>
-        <p>Each event records the rule, source lesson, policy version, actor, action, evidence requirement, and reason so reviewers can inspect the decision instead of trusting an agent summary.</p>
-      </div>
-      <div class="agent-card">
-        <h3>Enterprise governance mode</h3>
-        <p>Org-owned policies, reviewer approvals, signed evidence bundles, and export paths turn local corrections into shared controls without giving the agent unilateral authority over the rules.</p>
-      </div>
-    </div>
-  </div>
-</section>
-
 <section class="compatibility" id="orchestration-layer">
   <div class="container">
     <div class="section-label">Positioning</div>
@@ -1289,7 +1252,7 @@ __GA_BOOTSTRAP__
         </div>
         <div class="autoresearch-card">
           <h3>Ship into CI</h3>
-          <p>Start with templates for <code>npm test</code>, Playwright duration, bundle size, lint, and CI failures, then add shared workflow checks for team-owned releases.</p>
+          <p>Start with templates for <code>npm test</code>, Playwright duration, bundle size, lint, and CI failures, then add Team checks for shared workflows.</p>
         </div>
       </div>
       <div class="autoresearch-cta">
@@ -1325,9 +1288,8 @@ __GA_BOOTSTRAP__
 <!-- HOW IT WORKS -->
 <section class="how-it-works" id="how-it-works">
   <div class="container">
-    <div class="section-label">Self-improving enforcement</div>
+    <div class="section-label">Current release</div>
     <h2 class="section-title">Three steps to stop repeated AI failures</h2>
-    <p class="section-sub" style="max-width:720px;margin:6px auto 22px;text-align:center;color:var(--text-muted);font-size:clamp(16px,1.6vw,18px);">Self-improving — but for safety, not capability: every <code>👎</code> compiles into a hard rule, and each rule regression-tests itself against your history, so it blocks the repeat and never the safe action.</p>
     <div class="steps">
       <div class="step">
         <div class="step-num">1</div>
@@ -1532,7 +1494,7 @@ __GA_BOOTSTRAP__
           <li><strong>Audit-ready enforcement proof</strong> — Personal local dashboard for the individual operator with auditable block history</li>
           <li><strong>Ship hardened agents to production</strong> — Model Hardening Advisor plus HuggingFace dataset export</li>
           <li><strong>Hand a PR with proof</strong> — Review-ready workflow support and proof-ready lesson bundles a reviewer can verify in 30 seconds</li>
-          <li><strong>Hand off without re-onboarding</strong> — Lesson export/import for handoff or migration</li>
+          <li><strong>Hand off without re-onboarding</strong> — Team lesson export/import for handoff or migration</li>
         </ul>
         <div style="margin:12px 0 16px;padding:12px;border:1px solid rgba(34,211,238,0.25);border-radius:8px;background:rgba(34,211,238,0.06);">
           <div style="font-size:12px;color:var(--text-muted);margin-bottom:4px;">What your Pro dashboard looks like</div>
@@ -1710,7 +1672,7 @@ __GA_BOOTSTRAP__
       </div>
       <div class="faq-item">
         <button class="faq-q" type="button" aria-expanded="false" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)">How do we keep high-risk autonomous runs off the host?</button>
-        <div class="faq-a">ThumbGate is the control plane, not just a prompt layer. Workflow Sentinel predicts blast radius before execution, and risky local autonomy can be routed into Docker Sandboxes instead of running directly on the host. Enterprise workflows also have a signed hosted sandbox lane for isolated dispatch when local repo access is not required.</div>
+        <div class="faq-a">ThumbGate is the control plane, not just a prompt layer. Workflow Sentinel predicts blast radius before execution, and risky local autonomy can be routed into Docker Sandboxes instead of running directly on the host. Team workflows also have a signed hosted sandbox lane for isolated dispatch when local repo access is not required.</div>
       </div>
       <div class="faq-item">
         <div class="faq-q" role="button" tabindex="0" aria-expanded="false" onclick="toggleFaq(this)" onkeydown="handleFaqKeydown(event)">How do we trust a new package release?</div>
@@ -1794,7 +1756,7 @@ __GA_BOOTSTRAP__
       <a href="https://www.linkedin.com/in/igorganapolsky" target="_blank" rel="noopener">LinkedIn</a>
       <a href="/blog">Blog</a>
     </div>
-    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.27.8</span>
+    <span class="footer-copy">© 2026 ThumbGate · MIT License · npm v1.27.7</span>
   </div>
 </footer>
 
@@ -2039,7 +2001,7 @@ function copyInstall(el) {
   trackClick('.btn-demo-link', 'demo_click', { source: 'homepage' });
   trackClick('.nav-cta:not([data-revenue-cta])', 'chatgpt_gpt_click', { tier: 'free', source: 'nav' });
 
-  /* Pricing CTA conversion tracking — fires on every Get Started / Pro / Enterprise button click
+  /* Pricing CTA conversion tracking — fires on every Get Started / Pro / Team button click
      with section context so we can distinguish pricing section vs final CTA section clicks */
   document.querySelectorAll('.btn-pro, .btn-gpt-page, .btn-pro-page, .btn-install-hero, .btn-install-link, .btn-team, .btn-free, .btn-demo-link, .nav-cta').forEach(function(el) {
     el.addEventListener('click', function() {

package/public/learn/ac-dc-runtime-enforcement.html

@@ -0,0 +1,277 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>AC/DC governs the code agents write. Runtime enforcement governs what agents do. - ThumbGate</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="Sonar's Agent Centric Development Cycle (AC/DC) defines Guide → Generate → Verify → Solve for code-quality. It has no Pre-Execution Gate. Here is where runtime enforcement plugs into AC/DC, with a worked map for each stage.">
+<meta name="keywords" content="AC/DC framework, Agent Centric Development Cycle, AI coding agent governance, PreToolUse runtime enforcement, agentic SDLC, Sonar AC/DC, ThumbGate">
+<meta property="og:title" content="AC/DC + Runtime Enforcement: Closing the Pre-Execution Gap">
+<meta property="og:description" content="Sonar's AC/DC governs what agents WRITE. Runtime enforcement at PreToolUse governs what agents DO. The two compose — but only one of them stops rm -rf / DROP TABLE / unauthorized MCP calls before they happen.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/ac-dc-runtime-enforcement">
+<link rel="canonical" href="https://thumbgate.ai/learn/ac-dc-runtime-enforcement">
+<link rel="stylesheet" href="/learn/learn.css">
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "AC/DC governs the code agents write. Runtime enforcement governs what agents do.",
+  "description": "Sonar's Agent Centric Development Cycle (AC/DC) framework — Guide, Generate, Verify, Solve — is a code-quality lifecycle. Its Verify stage operates on generated code. Many of the highest-blast-radius agent failures (destructive shell commands, unauthorized MCP calls, secret exfiltration) never become code that Verify can inspect. They happen between Generate and the next Guide as runtime actions. This article maps each AC/DC stage to the runtime-enforcement layer that closes the pre-execution gap.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "datePublished": "2026-05-27",
+  "dateModified": "2026-05-27",
+  "mainEntityOfPage": "https://thumbgate.ai/learn/ac-dc-runtime-enforcement",
+  "citation": [
+    "https://www.sonarsource.com/blog/the-future-is-ac-dc-the-agent-centric-development-cycle",
+    "https://thenewstack.io/agentic-development-cycle-framework/"
+  ],
+  "about": [
+    { "@type": "Thing", "name": "AC/DC framework" },
+    { "@type": "Thing", "name": "Agent Centric Development Cycle" },
+    { "@type": "Thing", "name": "agentic SDLC governance" },
+    { "@type": "Thing", "name": "PreToolUse runtime enforcement" }
+  ]
+}
+</script>
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "What is the AC/DC framework?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "AC/DC stands for Agent Centric Development Cycle. It is a four-stage governance framework published by Sonar (the company behind SonarCloud and SonarQube) for teams running AI coding agents. The stages are Guide (hand the agent your standards, architecture, and constraints before it writes code), Generate (the LLM writes code), Verify (mandatory verification of the generated code, primarily through static analysis), and Solve (fix the issues Verify surfaces). Each stage feeds the next, and outputs from Verify and Solve loop back into Guide so future iterations improve. AC/DC is a code-quality lifecycle for agentic development."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Does AC/DC cover runtime safety?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Not directly. AC/DC's Verify stage inspects generated code — typically after the agent has produced a diff or pull request. Many of the highest-blast-radius agent failures never become code that Verify can inspect. A destructive shell command like rm -rf, a DROP TABLE against the wrong database, a git push --force to main, a leaked environment variable through an MCP tool call, or an outbound LLM call to an unauthorized endpoint all happen between Generate and the next Guide loop as runtime actions. They produce no committed source code. Runtime enforcement at the PreToolUse hook is the layer that catches them before execution."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Does runtime enforcement replace AC/DC's Verify stage?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. They cover different surfaces and compose cleanly. AC/DC's Verify stage catches problems in committed code. Runtime enforcement catches problems in proposed tool calls before the tool fires. A correct deployment of both means: PreToolUse hooks block destructive or unauthorized actions before execution, Verify catches quality and security issues in the code the agent did write, and Solve fixes what Verify surfaces. The two layers add up to coverage of both the action surface and the code surface."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Where does ThumbGate fit into AC/DC?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "ThumbGate fits at two AC/DC stages. At Guide, ThumbGate's prevention-rules.md and context packs hand the agent local, learned constraints before it writes code — generated from prior failures captured by feedback hooks. At Verify, ThumbGate adds a runtime-action verification layer that operates on the tool call the agent is about to make, not on the code it already wrote. This closes the pre-execution gap between Generate and the next Guide iteration that pure-static Verify cannot reach."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Is Sonar a ThumbGate competitor?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. Sonar runs at the code-quality layer (static analysis of committed code, security hotspots, coverage, duplications). ThumbGate runs at the runtime-action layer (PreToolUse hooks in Claude Code, Cursor, Codex CLI, Gemini CLI, Amp, Cline, OpenCode, Claude Desktop). The two layers are complementary. Regulated teams already running Sonar can keep Sonar at Verify-of-code and add ThumbGate at Verify-of-action to close the runtime gap AC/DC does not explicitly name."
+      }
+    }
+  ]
+}
+</script>
+<style>
+  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
+  th, td { text-align: left; padding: 0.7rem 0.8rem; border-bottom: 1px solid var(--border); vertical-align: top; font-size: 0.92rem; }
+  th { color: var(--cyan); font-weight: 700; }
+  .layer strong { color: var(--green); }
+  .mini-grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 1rem; margin: 1.25rem 0; }
+  .mini-card { background: var(--bg-card); border: 1px solid var(--border); border-radius: 8px; padding: 1rem; }
+  .mini-card h3 { margin-top: 0; color: var(--text); }
+  .mini-card p { color: var(--muted); }
+  blockquote { border-left: 3px solid var(--cyan); margin: 1rem 0; padding: 0.5rem 1rem; color: var(--text); font-style: italic; background: rgba(34, 211, 238, 0.05); }
+  @media (max-width: 700px) { .mini-grid { grid-template-columns: 1fr; } }
+</style>
+</head>
+<body>
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / AC/DC Runtime Enforcement</div>
+  <h1>AC/DC governs the code agents write. Runtime enforcement governs what agents do.</h1>
+  <p style="color:var(--muted);">6 min read &middot; For engineering leaders adopting Sonar's Agent Centric Development Cycle</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> Sonar's AC/DC framework (Guide → Generate → Verify → Solve) is a code-quality lifecycle for agentic development. It has no Pre-Execution Gate stage. The highest-blast-radius agent failures — destructive shell, unauthorized MCP calls, force-push to main, secret exfiltration — never become committed code. They are runtime actions that happen between Generate and the next Guide loop. PreToolUse runtime enforcement is the layer that closes that gap. The two compose: AC/DC verifies the code, runtime enforcement verifies the action.</div>
+
+  <h2>What AC/DC is</h2>
+  <p>Sonar published <a href="https://www.sonarsource.com/blog/the-future-is-ac-dc-the-agent-centric-development-cycle" target="_blank" rel="noopener">the Agent Centric Development Cycle</a> (AC/DC) in early 2026 as a framework for teams shipping AI coding agents at scale. <a href="https://thenewstack.io/agentic-development-cycle-framework/" target="_blank" rel="noopener">The New Stack covered it as the governance framework</a> teams should reach for. Four stages, each feeding the next, with outputs from Verify and Solve looping back into Guide:</p>
+
+  <table>
+    <thead>
+      <tr>
+        <th>Stage</th>
+        <th>What happens</th>
+        <th>What it inspects</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr class="layer">
+        <td><strong>Guide</strong></td>
+        <td>Hand the agent your standards, architecture, and constraints before it writes a line of code.</td>
+        <td>Prompts, context packs, conventions.</td>
+      </tr>
+      <tr class="layer">
+        <td><strong>Generate</strong></td>
+        <td>The LLM produces the code it believes will achieve the desired outcome.</td>
+        <td>Nothing yet &mdash; pure generation.</td>
+      </tr>
+      <tr class="layer">
+        <td><strong>Verify</strong></td>
+        <td>Mandatory verification of the generated code &mdash; static analysis, security hotspots, coverage, duplication.</td>
+        <td>Committed source code.</td>
+      </tr>
+      <tr class="layer">
+        <td><strong>Solve</strong></td>
+        <td>Fix the issues Verify surfaces, so the next iteration is cleaner.</td>
+        <td>Issues, lessons.</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <blockquote>"In an agentic development model, the primary challenge is no longer writing code; it is creating a system that makes generated code trustworthy." — Sonar, on AC/DC</blockquote>
+
+  <p>That's a correct framing for the code-quality slice of agentic governance. It is also the slice Sonar happens to own. The framework is honest about that — it is explicitly a code-trust framework, not an action-trust framework.</p>
+
+  <h2>The structural gap: no Pre-Execution Gate</h2>
+  <p>Look at the four stages again. Verify inspects code the agent already wrote. Solve fixes that code. Guide informs the next generation. Nowhere in the loop is there a stage that intercepts an action the agent is about to take.</p>
+
+  <p>That matters because the failures that wake operators at 2 a.m. are rarely "the committed code had a bug Verify missed." They are:</p>
+
+  <ul>
+    <li>An agent ran <code>rm -rf node_modules ../</code> with a path that traversed out of the workspace.</li>
+    <li>An agent ran <code>DROP TABLE users</code> against the staging connection because the staging connection happened to point at prod.</li>
+    <li>An agent ran <code>git push --force</code> to <code>main</code> to "clean up history" and erased two days of work.</li>
+    <li>An MCP tool was given an outbound URL the agent improvised &mdash; and the URL was a credential-stealing endpoint hidden in a doc the agent ingested.</li>
+    <li>An agent committed <code>.env</code> with live keys, pushed, and the leak detector caught it ninety seconds later.</li>
+  </ul>
+
+  <p>None of those produce committed source code that Verify can read. They are runtime actions that happen <em>between</em> Generate and the next Guide loop. By the time AC/DC's Verify stage runs, the damage is done.</p>
+
+  <div class="callout">
+    <strong>The gap in plain terms:</strong> AC/DC governs what the agent <strong>writes</strong>. The unsolved layer is what the agent <strong>does</strong> &mdash; tool calls, shell commands, file writes, MCP invocations, outbound network calls &mdash; before any of those actions become text that a static analyzer can see.
+  </div>
+
+  <h2>Where runtime enforcement plugs into AC/DC</h2>
+  <p>ThumbGate operates at the PreToolUse boundary inside the agent runtime &mdash; Claude Code, Cursor, OpenAI Codex CLI, Google Gemini CLI, Sourcegraph Amp, Cline, OpenCode, Claude Desktop. When the agent is about to execute a tool call, ThumbGate inspects the proposed call and returns allow, warn, block, or route-to-human. The boundary is the runtime, not the file system.</p>
+
+  <p>Mapped onto AC/DC, that lands in two stages:</p>
+
+  <table>
+    <thead>
+      <tr>
+        <th>AC/DC stage</th>
+        <th>What runtime enforcement adds</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr class="layer">
+        <td><strong>Guide</strong></td>
+        <td>Local prevention rules promoted from prior failures (auto-generated from feedback hooks) become part of the context handed to the agent. The agent doesn't just see "your team's standards" &mdash; it sees "your team's standards plus a list of specific tool-call patterns that have caused incidents here."</td>
+      </tr>
+      <tr class="layer">
+        <td><strong>Verify (runtime)</strong></td>
+        <td>A second Verify pass runs at PreToolUse: before the agent's proposed tool call executes, ThumbGate checks it against the local lesson DB, allowlists, and policy bundles. Allow, warn, block, or route. Evidence is logged structurally so reviewers can audit decisions later.</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <div class="mini-grid">
+    <div class="mini-card">
+      <h3>Verify of code</h3>
+      <p>Static analysis on committed source code. Catches quality, security, and duplication issues after the diff exists. This is what Sonar does well, and what AC/DC's Verify stage maps to.</p>
+    </div>
+    <div class="mini-card">
+      <h3>Verify of action</h3>
+      <p>Runtime inspection of the proposed tool call before it fires. Catches destructive shell, unauthorized MCP, secret exfiltration, force-push, and out-of-scope file writes &mdash; before they become incidents.</p>
+    </div>
+  </div>
+
+  <h2>The two-layer deployment for an AC/DC team</h2>
+  <p>If your team already runs Sonar (or any static-analysis Verify stage), the integration story is short and additive:</p>
+
+  <ol>
+    <li><strong>Keep AC/DC's Verify on code.</strong> Sonar, SonarQube, or your existing static-analysis pipeline continues to inspect the source the agent produces. Nothing changes there.</li>
+    <li><strong>Add a Verify-of-action layer at the PreToolUse boundary.</strong> Install ThumbGate in the agent runtimes your developers actually use. The runtime now inspects every proposed tool call against your local rules and the prevention-rules.md generated from prior failures.</li>
+    <li><strong>Wire the feedback loop back into Guide.</strong> Every blocked action becomes a lesson. Lessons promote to prevention rules. Prevention rules become part of the context the next Guide iteration hands to the agent. AC/DC's loop closes one stage earlier.</li>
+  </ol>
+
+  <div class="callout callout-green">
+    <strong>Sales line:</strong> If your team adopted AC/DC and stopped at Verify-of-code, you are governing what the agent wrote and not what the agent did. Add the Pre-Execution Gate before the next blast-radius incident teaches you which half of the loop was missing.
+  </div>
+
+  <h2>What this looks like in a buyer demo</h2>
+  <ol>
+    <li>One AC/DC iteration where Sonar's Verify catches a real code-quality issue in generated code. Good. That's what AC/DC promises.</li>
+    <li>One proposed tool call (<code>git push --force origin main</code>) blocked at PreToolUse before execution. Evidence logged.</li>
+    <li>The blocked call promoted to a prevention rule. The next agent run sees that rule in its Guide context.</li>
+    <li>An export a reviewer or risk officer can inspect: allowed calls, blocked calls, overrides, rule-promotion history.</li>
+  </ol>
+
+  <h2>FAQ</h2>
+  <details class="faq-item" open>
+    <summary>Why doesn't AC/DC name a Pre-Execution Gate stage?</summary>
+    <p>AC/DC is framed by Sonar, whose product surface ends at static analysis of code. Naming a runtime-action stage that Sonar doesn't ship would be marketing against itself. The framework is internally consistent for the slice it owns; it just doesn't claim coverage of runtime actions. That's the gap a runtime-enforcement layer fills.</p>
+  </details>
+  <details class="faq-item">
+    <summary>Can I run ThumbGate without Sonar, or vice versa?</summary>
+    <p>Yes to both. ThumbGate adds runtime-action Verify regardless of what static-analysis tool runs alongside it. AC/DC's Verify stage can be filled by any static-analysis pipeline. They are independent layers.</p>
+  </details>
+  <details class="faq-item">
+    <summary>Where do prevention rules come from?</summary>
+    <p>From your team's own incidents and feedback. ThumbGate captures thumbs-down events via feedback hooks, promotes recurring failures to the local lesson DB, and synthesizes prevention rules that survive model upgrades and prompt resets. The rules are local to your team &mdash; they encode your specific failure patterns, not generic SOC2 boilerplate.</p>
+  </details>
+  <details class="faq-item">
+    <summary>Does ThumbGate work with Claude Code only?</summary>
+    <p>No. The PreToolUse boundary exists in Claude Code, Cursor, OpenAI Codex CLI, Google Gemini CLI, Sourcegraph Amp, Cline, OpenCode, and Claude Desktop. ThumbGate's adapter matrix covers all of them. One rule set, every agent runtime.</p>
+  </details>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Close the pre-execution gap in AC/DC</h2>
+    <p>Install runtime enforcement at the PreToolUse boundary across every agent your team uses. Local rules, hosted evidence, no static-analyzer in the path.</p>
+    <div class="cta-install">$ npx thumbgate init</div>
+  </div>
+
+  <div class="related">
+    <h3>Related articles</h3>
+    <a href="/learn/background-agent-control-layer">Background Agent Control Layer &rarr;</a>
+    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained &rarr;</a>
+    <a href="/learn/regulated-agent-execution-boundary">Regulated Agent Execution Boundary &rarr;</a>
+    <a href="/compare/anthropic-containment">ThumbGate vs Anthropic Containment &rarr;</a>
+  </div>
+</div>
+
+<div class="sticky-cta">
+  <span style="color:var(--muted)">Try it now:</span>
+  <code>npx thumbgate init</code>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+</div>
+</body>
+</html>

package/public/learn/agent-harness-pattern.html

@@ -0,0 +1,181 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>The Agent Harness Pattern: Why Your AI Needs a Seatbelt — ThumbGate</title>
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="Tsinghua researchers formalized agent harnesses as first-class objects with contracts, verification checks, and durable state. ThumbGate implements this pattern today.">
+<meta name="keywords" content="agent harness pattern, natural language agent harness, NLAH, AI agent safety, pre-action checks, verification checks, agent contracts, ThumbGate, MCP hooks">
+<meta property="og:title" content="The Agent Harness Pattern: Why Your AI Needs a Seatbelt">
+<meta property="og:description" content="Academic research meets production code. How the natural-language agent harness pattern maps to real pre-action checks.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/agent-harness-pattern">
+<link rel="canonical" href="https://thumbgate.ai/learn/agent-harness-pattern">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "The Agent Harness Pattern: Why Your AI Needs a Seatbelt",
+  "description": "How the natural-language agent harness pattern from academic research maps to real pre-action checks you can ship today.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "datePublished": "2026-04-02",
+  "dateModified": "2026-04-02",
+  "mainEntityOfPage": "https://thumbgate.ai/learn/agent-harness-pattern",
+  "about": [
+    {"@type": "Thing", "name": "agent harness pattern"},
+    {"@type": "Thing", "name": "natural language agent harness"},
+    {"@type": "Thing", "name": "AI agent verification"}
+  ]
+}
+</script>
+
+<link rel="stylesheet" href="/learn/learn.css">
+<style>
+  table { width: 100%; border-collapse: collapse; margin: 1rem 0; }
+  th, td { text-align: left; padding: 0.6rem 0.8rem; border-bottom: 1px solid var(--border); font-size: 0.9rem; }
+  th { color: var(--cyan); font-weight: 600; }
+  .mapping-row td:first-child { color: var(--green); font-weight: 500; }
+</style>
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" class="logo-mark" width="28" height="28"><span class="logo-text">ThumbGate</span></a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / Agent Harness Pattern</div>
+  <h1>The Agent Harness Pattern: Why Your AI Needs a Seatbelt</h1>
+  <p style="color:var(--muted);">5 min read &middot; Research deep-dive for developers shipping AI agents in production</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> Tsinghua researchers proved that AI agents need harnesses — contracts, verification checks, and durable state. ThumbGate is a production implementation you can ship today.</div>
+
+  <h2>The problem: agents act faster than you can review</h2>
+  <p>AI coding agents can write, commit, and deploy code in seconds. The gap between "agent decides to act" and "irreversible damage" is measured in milliseconds. Prompt instructions alone cannot close that gap because they live inside the same context the agent can override.</p>
+  <p>Researchers at Tsinghua University formalized this problem in their work on Natural-Language Agent Harnesses (NLAH). Their key insight: the safety layer must be <strong>external to the agent</strong>, treated as a first-class object with its own contracts, verification logic, and persistent state.</p>
+
+  <div class="callout">
+    <strong>The core idea:</strong> An agent harness is not a prompt. It is a runtime layer that sits between the agent's intent and the outside world, enforcing contracts that the agent cannot bypass.
+  </div>
+
+  <h2>Four components of an agent harness</h2>
+  <p>The NLAH framework defines four components that any production-grade harness needs. Here is how each maps to a concrete implementation in ThumbGate:</p>
+
+  <table>
+    <thead>
+      <tr>
+        <th>NLAH Component</th>
+        <th>What It Does</th>
+        <th>ThumbGate Implementation</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr class="mapping-row">
+        <td>Contracts</td>
+        <td>Formal rules that define what the agent must not do</td>
+        <td>Prevention rules in <code>prevention-rules.md</code> — auto-generated from thumbs-down feedback</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>Verification Checks</td>
+        <td>Checkpoints that intercept actions before execution</td>
+        <td>PreToolUse hooks — intercept every tool call, match against checks, block or allow</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>Durable State</td>
+        <td>Persistent memory that survives across sessions</td>
+        <td>SQLite+FTS5 lesson database — feedback, memories, and rules persist and are searchable</td>
+      </tr>
+      <tr class="mapping-row">
+        <td>Adapters</td>
+        <td>Platform-specific connectors for different agent runtimes</td>
+        <td>MCP server + adapters for Claude Code, Cursor, Codex, Gemini, Amp, OpenCode</td>
+      </tr>
+    </tbody>
+  </table>
+
+  <h2>Why contracts beat prompt rules</h2>
+  <p>A prompt rule says: "Do not force-push to main." An agent can reason around that, reinterpret it, or simply lose it in a long context window.</p>
+  <p>A contract says: if the tool call is <code>Bash</code> and the command matches <code>git push.*--force</code> targeting <code>main</code>, return <code>{"decision": "block"}</code>. The agent never executes the command. There is nothing to reason around.</p>
+
+  <div class="callout callout-red">
+    <strong>Prompt rules fail silently.</strong> When a prompt rule is violated, you only find out after the damage is done. A verification check fails loudly — the agent receives a block response and must adapt.
+  </div>
+
+  <h2>Verification checks in practice</h2>
+  <p>Every time your AI agent calls a tool — running a shell command, writing a file, making an API call — a PreToolUse hook fires. ThumbGate checks the call against your checks:</p>
+
+  <ol>
+    <li><strong>Pattern match:</strong> Does the tool name and arguments match any prevention rule?</li>
+    <li><strong>Thompson Sampling:</strong> For rules with uncertain severity, use multi-armed bandit sampling to decide block vs. warn</li>
+    <li><strong>Decision:</strong> Block (hard stop), warn (let agent reconsider), or allow (no match)</li>
+    <li><strong>Feedback loop:</strong> The decision is logged. Thumbs-up/down on outcomes refines future checks.</li>
+  </ol>
+
+  <p>This is the verification check pattern from the NLAH framework, running in production today.</p>
+
+  <h2>Durable state: memory that survives sessions</h2>
+  <p>One of the NLAH paper's strongest arguments is that agent harnesses need persistent state. An agent that forgets its mistakes between sessions will repeat them.</p>
+  <p>ThumbGate stores every feedback event in a SQLite database with full-text search (FTS5). When a new session starts, the agent's context is assembled from relevant past lessons — not the entire history, but the lessons most similar to the current task.</p>
+
+  <div class="callout callout-green">
+    <strong>The feedback loop closes itself:</strong> You thumbs-down a mistake → a prevention rule is generated → the check blocks the mistake next time → the agent adapts → you thumbs-up the adaptation → the rule is reinforced.
+  </div>
+
+  <h2>Adapters: one harness, many agents</h2>
+  <p>The NLAH framework emphasizes platform independence. A harness should work across different agent runtimes without rewriting the safety logic.</p>
+  <p>ThumbGate achieves this through the Model Context Protocol (MCP). Any agent that speaks MCP — Claude Code, Cursor, Codex, Gemini, Amp, OpenCode — connects to the same ThumbGate server and gets the same checks. Write your rules once, enforce everywhere.</p>
+
+  <h2>From research to production in two minutes</h2>
+  <p>The NLAH framework describes what an agent harness <em>should</em> be. ThumbGate is what it looks like when you ship one:</p>
+
+  <pre><code>npx thumbgate init</code></pre>
+
+  <p>That single command sets up:</p>
+  <ul>
+    <li>A PreToolUse hook that intercepts every tool call</li>
+    <li>A SQLite+FTS5 lesson database for durable state</li>
+    <li>Prevention rules generated from your feedback</li>
+    <li>Thompson Sampling for probabilistic check decisions</li>
+    <li>MCP server adapters for your agent runtime</li>
+  </ul>
+
+  <p>You are not writing safety rules from scratch. You are thumbs-downing mistakes and letting the harness learn.</p>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Ship the harness pattern today</h2>
+    <p>One command. Works with Claude Code, Cursor, Codex, Gemini, Amp, and any MCP agent.</p>
+    <div class="cta-install">$ npx thumbgate init</div>
+  </div>
+
+  <div class="related">
+    <h3>Related articles</h3>
+    <a href="/learn/mcp-pre-action-checks-explained">MCP Pre-Action Checks Explained →</a>
+    <a href="/learn/stop-ai-agent-force-push">How to Stop AI Agents From Force-Pushing to Main →</a>
+    <a href="/learn/vibe-coding-safety-net">The Vibe Coding Safety Net You Are Missing →</a>
+  </div>
+</div>
+
+
+  <div class="sticky-cta">
+    <span style="color:var(--muted)">Try it now:</span>
+    <code>npx thumbgate init</code>
+    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+  </div>
+<script src="/js/buyer-intent.js"></script>
+</body>
+</html>