thumbgate 1.27.9 → 1.27.10

package/README.md

@@ -16,6 +16,10 @@ The product is a self-improving enforcement layer: thumbs-down feedback, prompt
   <img src="docs/media/thumbgate-demo.gif" alt="ThumbGate blocking an AI agent's dangerous commands (rm -rf, force-push, chmod 777) in real time, while letting safe commands through" width="820" />
 </p>
 
+<p align="center">
+  <img src="docs/diagrams/pre-action-gate-loop.svg" alt="ThumbGate pre-action gate loop: agent intent, PreToolUse gate, block or allow with audit receipt" width="920" />
+</p>
+
 ```
   Agent tries:   rm -rf tests/
   ThumbGate:     ⛔ BLOCKED — "Never delete test directories"

package/config/gate-templates.json

@@ -37,6 +37,18 @@
       "roi": "Raises trust in autonomous runs and reduces manual re-checking.",
       "rollout": "Use for every workflow where proof matters more than speed."
     },
+    {
+      "id": "block-empty-positive-feedback-closeout",
+      "name": "Block empty closeouts after positive feedback",
+      "category": "Agent Honesty",
+      "signal": "👍",
+      "defaultAction": "block",
+      "severity": "medium",
+      "pattern": "positive_feedback_followed_by_low_value_social_closeout",
+      "problem": "Prevents agents from treating thumbs-up or thanks as permission to send filler instead of staying quiet, showing a compact evidence checkpoint, or naming the next state.",
+      "roi": "Turns positive feedback into better operational discipline instead of extra conversational noise.",
+      "rollout": "Enable on conversational Stop hooks for autonomous operators, CEO loops, release closeouts, and evidence-sensitive client work."
+    },
     {
       "id": "protect-production-sql",
       "name": "Protect production SQL",
@@ -577,6 +589,198 @@
       "roi": "Critical for compliance, forensics, and feedback loops. Enables proper capture of agent-specific lessons and prevention rules. Matches industry push (Okta, etc.).",
       "rollout": "Block any claw or autonomous agent action that authenticates as a human user. Require dedicated agent service accounts / identities with scoped permissions."
     },
+    {
+      "id": "require-agent-identity-inventory",
+      "name": "Require agent identity inventory before privileged action",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai).*(credential|service account|identity|permission|access|owner|invoker).*(unknown|missing|unmapped|unreviewed|not inventoried|broad|admin)",
+      "problem": "Agents become privileged identities when they connect to Salesforce, Snowflake, GitHub, Jira, production databases, cloud environments, and MCP connectors. Broad or unknown identity scope turns them into invisible attack paths.",
+      "roi": "High: one inventory gate creates the evidence buyers need for owner, invoker, credentials, connected systems, and read/write/delete/execute permissions before the agent acts.",
+      "rollout": "Require an identity inventory receipt before privileged agent actions. Start with GitHub, Jira, Slack, Salesforce, Snowflake, cloud, database, and payment connectors."
+    },
+    {
+      "id": "enforce-agent-purpose-permission-match",
+      "name": "Enforce agent purpose-permission match",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai).*(purpose|intended use|job|scope).*(permission|access|write|delete|execute|admin).*(mismatch|exceeds|too broad|outside|unneeded)",
+      "problem": "Permission-only governance is not enough for agents. A sales-prep agent may need read-only CRM access; it should not delete records, create privileged users, or mutate production systems.",
+      "roi": "High: maps agent purpose to allowed verbs so scope creep is caught before a connector or service account becomes a lateral movement path.",
+      "rollout": "Define one purpose statement per agent and map it to read/write/delete/execute permissions. Warn first for read actions, block write/delete/execute outside purpose."
+    },
+    {
+      "id": "block-connector-toolpack-scope-drift",
+      "name": "Block connector Tool Pack scope drift",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(mcp|connector|tool pack|toolpack|remote mcp|agent handler|mcp gateway).*(add|enable|import|authenticate|connect).*(tool|connector|system|scope|permission).*(without|unreviewed|missing|no).*(owner|purpose|dlp|audit|approval|inventory)",
+      "problem": "Production MCP connector platforms make it easy to add hundreds of tools. The risk is scope drift: agents see tools they do not need, or connectors become authenticated without owner, DLP, audit, and purpose receipts.",
+      "roi": "High: keeps Merge Agent Handler, Glean MCP Gateway, and raw MCP tool packs in the same governance lane as local tools.",
+      "rollout": "Require owner, purpose, allowed tools, auth identity, DLP/logging mode, and audit receipt before adding or importing connector tool packs."
+    },
+    {
+      "id": "require-agent-access-review-freshness",
+      "name": "Require continuous agent access review freshness",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(agent|assistant|ai).*(access review|permission review|identity review|connector review).*(stale|expired|older than|not current|point-in-time)",
+      "problem": "Agent instructions, users, credentials, integrations, and tool scopes drift over time. A one-time access review becomes false confidence.",
+      "roi": "Medium-high: protects buyers from slow permission creep without forcing every low-risk action through a hard block.",
+      "rollout": "Set review freshness windows by connector risk tier. Promote stale high-risk write/delete/execute surfaces from warn to block."
+    },
+    {
+      "id": "block-shadow-agent-without-registration",
+      "name": "Block shadow agent without registration",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai|mcp server|remote mcp).*(unregistered|shadow ai|unknown owner|not in control plane|not inventoried|unapproved).*(connect|authenticate|tool|credential|system|app)",
+      "problem": "Shadow AI agents and unregistered MCP servers bypass identity teams, control planes, and lifecycle reviews while still reaching real business systems.",
+      "roi": "High: catches the exact compliance failure Okta highlights — agents acting before registration, owner, and lifecycle controls exist.",
+      "rollout": "Block privileged tool calls from unregistered agents. Require registration, owner, purpose, credential source, and lifecycle policy before allowing write/delete/execute tools."
+    },
+    {
+      "id": "require-vaulted-agent-token",
+      "name": "Require vaulted agent token before connector use",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai|connector|mcp).*(token|api[_-]?key|credential|secret).*(raw|plaintext|env|hardcoded|unvaulted|not vaulted|local file)",
+      "problem": "Agents using raw or hardcoded connector credentials bypass token vaulting, fine-grained authorization, revocation, and audit controls.",
+      "roi": "High: prevents the fastest way an agent identity becomes a persistent secret-sprawl problem.",
+      "rollout": "Require vault-backed or brokered credentials for connector actions. Allow local development exceptions only with explicit scope, TTL, and audit evidence."
+    },
+    {
+      "id": "block-orphaned-agent-standing-privilege",
+      "name": "Block orphaned agent standing privilege",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai|automation|script).*(owner left|orphaned|no living owner|unknown owner|standing privilege|permanent access|stale token).*(access|credential|token|database|repo|source code|production)",
+      "problem": "Orphaned agents and standing privileges keep access after the human owner leaves or the workflow changes. Security teams cannot revoke or review what they cannot map to a living owner.",
+      "roi": "High: directly addresses hidden access risk, stale AI tokens, and offboarding gaps before the next privileged action touches source code, databases, or production systems.",
+      "rollout": "Require living owner, credential source, last review time, offboarding status, and revocation path before allowing privileged actions from long-running agents."
+    },
+    {
+      "id": "block-agentjacking-embedded-instructions",
+      "name": "Block agentjacking from embedded instructions",
+      "category": "Agent Runtime Attack Defense",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(email|document|log|database|ticket|webpage|comment).*(ignore previous|override|exfiltrate|run command|deploy|delete|create user|change permissions|send secret|agent instruction|tool instruction)",
+      "problem": "Agentjacking hides malicious instructions inside data the agent reads. Because the agent often has valid permissions, traditional controls may see the later action as legitimate.",
+      "roi": "Critical: blocks the attack path Tenet described before embedded instructions become shell, browser, database, or connector actions.",
+      "rollout": "Treat untrusted content as data, not instructions. Require source classification, instruction-stripping, and human approval before executing tool calls derived from external content."
+    },
+    {
+      "id": "require-next-action-simulation-proof",
+      "name": "Require next-action simulation proof for risky agent actions",
+      "category": "Agent Runtime Attack Defense",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(agent|assistant|ai).*(next action|likely action|simulation|simulate|predict).*(missing|no proof|not run|unverified).*(write|delete|execute|deploy|database|payment|connector|production)",
+      "problem": "High-risk agents should not jump straight from intent to execution. The likely next action, downstream system, and rollback or approval path should be checked before live systems are touched.",
+      "roi": "High: converts agent-side simulation from marketecture into a practical pre-action proof receipt for the exact tool call about to run.",
+      "rollout": "Start in warn mode for write/delete/execute actions. Promote to block for production databases, payments, deploys, privileged connectors, and customer data."
+    },
+    {
+      "id": "gate-vibe-app-before-retool-deploy",
+      "name": "Gate vibe-coded app before Retool deployment",
+      "category": "AI-Built App Deployment Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(retool|app builder|mcp|claude code|cursor|codex|chatgpt|kiro|react import|zip import).*(deploy|ship|sync|production data|go live).*(without|missing|no).*(auth|rbac|audit|permission|data source|owner|test)",
+      "problem": "Retool and similar platforms make AI-built internal apps easy to import and deploy into governed environments. The gap is proving the generated app's data writes, owners, tests, and permission model before it reaches production data.",
+      "roi": "High: positions ThumbGate as the pre-deploy enforcement layer for AI-built apps that later inherit Retool auth, RBAC, audit logs, and resource permissions.",
+      "rollout": "Require owner, data sources, write actions, auth/RBAC mapping, audit logging, smoke test, and rollback receipt before AI-generated apps are deployed or imported."
+    },
+    {
+      "id": "require-implicit-rule-capture",
+      "name": "Require implicit organizational rule capture",
+      "category": "Organizational Rule Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(agent|assistant|ai).*(workflow|process|approval|routing|handoff|client|customer|beneficiary|finance|legal).*(implicit rule|tribal knowledge|unwritten rule|exception|relationship context|special handling|not documented|outside formal system)",
+      "problem": "Agentic systems fail when formal workflow steps are correct but unwritten organizational judgment is missing. Important exceptions, relationship context, and escalation norms often live outside process docs.",
+      "roi": "High: turns HBR's implicit-rule warning into a capture gate so hidden operating knowledge becomes explicit, reviewable, and enforceable before automation scales it.",
+      "rollout": "Start with warn mode on client, finance, legal, healthcare, HR, and beneficiary workflows. Promote repeated implicit-rule misses into named pre-action checks."
+    },
+    {
+      "id": "require-self-improvement-regression-proof",
+      "name": "Require regression proof before self-improving harness changes",
+      "category": "Self-Improving Agent Release Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(self[- ]?improv|auto[- ]?improv|harness|model|agent runtime|agent product).*(ship|release|update|change|optimize|promote).*(without|missing|no).*(regression|eval|rollback|proof|baseline|canary)",
+      "problem": "If AI products, harnesses, and models start shipping faster because limited self-improvement works, unverified harness updates can regress safety faster too.",
+      "roi": "High: protects the exact cadence shift Mollick highlighted by requiring eval baselines, canaries, rollback, and proof receipts before self-improving agent changes ship.",
+      "rollout": "Require baseline evals and canary receipts before agent harness, routing, model, or auto-promotion changes are released. Block production promotion without rollback proof."
+    },
+    {
+      "id": "require-public-llm-prompt-sanitization",
+      "name": "Require prompt sanitization before public LLM use",
+      "category": "AI Data Privacy Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(chatgpt|claude|perplexity|copilot|public llm|hosted model|external ai).*(pii|email|phone|api[_-]?key|secret|token|customer|client|contract|repo url|database schema|financial).*(paste|send|upload|prompt|share)",
+      "problem": "Public LLM prompts can become durable third-party records. Raw PII, secrets, repo identifiers, customer records, contracts, schemas, and financials must be stripped, generalized, or routed to a private endpoint first.",
+      "roi": "Critical: prevents the cheapest and most common AI data-leak path while producing a simple policy a founder or contractor can actually follow.",
+      "rollout": "Block red-data prompts to public tools. Require redaction, tokenization, or a private endpoint receipt before external model use."
+    },
+    {
+      "id": "require-ai-data-classification",
+      "name": "Require green/yellow/red AI data classification",
+      "category": "AI Data Privacy Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(ai|llm|agent|embedding|rag).*(ingest|upload|prompt|index|log|store).*(without|missing|no).*(green|yellow|red|classification|data class|privacy tier)",
+      "problem": "Teams make bad AI privacy decisions when every prompt is judged ad hoc. A green/yellow/red policy makes tool choice, retention, and routing explicit before ingestion.",
+      "roi": "High: converts privacy advice into repeatable enforcement and keeps contractors from guessing under deadline pressure.",
+      "rollout": "Define green public data, yellow internal/anonymized data, and red sensitive data. Require the classification on prompts, embeddings, logs, and agent inputs."
+    },
+    {
+      "id": "require-ai-log-retention-policy",
+      "name": "Require AI log retention and deletion policy",
+      "category": "AI Data Privacy Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "medium",
+      "pattern": "(prompt|completion|embedding|agent log|llm log|trace|conversation).*(retain|retention|delete|bucket|database|archive).*(missing|none|forever|unknown|not set)",
+      "problem": "Prompt, completion, embedding, and trace logs silently accumulate sensitive data unless raw retention windows and deletion jobs are explicit.",
+      "roi": "Medium-high: reduces long-tail breach risk and turns privacy cleanup into an auditable operational habit.",
+      "rollout": "Set default retention windows, separate aggregates from raw logs, and require scheduled deletion or anonymization receipts."
+    },
+    {
+      "id": "require-evidence-pass-through-receipt",
+      "name": "Require evidence pass-through receipt",
+      "category": "AI Trust Layer Evidence",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(trust layer|appia|conformity|assurance|safety claim|compliance claim|evidence pass[- ]?through).*(without|missing|no).*(who|what|criteria|when|receipt|attestation|provenance)",
+      "problem": "AI assurance falls apart when each downstream party has to trust or recreate upstream work. Evidence must state who demonstrated what, against which criteria, and when.",
+      "roi": "High: maps the Appia Foundation trust-layer signal into ThumbGate's strongest asset: portable proof receipts tied to exact actions and criteria.",
+      "rollout": "Require self-describing receipts for safety claims, model-routing claims, connector claims, and workflow-hardening claims before buyer-facing assertions or downstream handoff."
+    },
     {
       "id": "gate-claw-file-system-access",
       "name": "Gate claw-style agent file system access",
@@ -625,6 +829,30 @@
       "roi": "Preserves security invariants by ensuring that synthesized skills never write code patterns blocked by active ThumbGate rules.",
       "rollout": "Scan synthesized skill markdown content for pattern overlap with active prevention rules before writing to the skills directory."
     },
+    {
+      "id": "require-hermes-okf-skill-receipt",
+      "name": "Require OKF-style receipt before Hermes skill promotion",
+      "category": "Nous Research Hermes Agent Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(hermes|skill|knowledge bundle|open knowledge format|okf).*(promote|share|publish|load|reuse).*(without|missing|no).*(type|source|owner|timestamp|citation|constraint|receipt)",
+      "problem": "Hermes can synthesize reusable skills, but portable agent knowledge becomes dangerous when it lacks source, owner, freshness, constraints, and a receipt tying the skill to evidence.",
+      "roi": "High: turns Google's Open Knowledge Format signal into a practical Hermes upgrade — skills become portable markdown concepts, but ThumbGate blocks or warns when provenance and constraints are missing.",
+      "rollout": "Start in warn mode for synthesized skills. Require an OKF-style markdown concept with YAML frontmatter, type, source or citation, owner, timestamp, constraints, and gate receipt before team-wide promotion."
+    },
+    {
+      "id": "block-stale-hermes-knowledge-promotion",
+      "name": "Block stale Hermes knowledge promotion",
+      "category": "Nous Research Hermes Agent Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(hermes|skill|knowledge|okf|open knowledge format).*(stale|expired|conflicting|contradicts|unknown timestamp|unverified source).*(promote|share|publish|reuse|load)",
+      "problem": "A self-improving Hermes agent can keep reusing obsolete internal knowledge after the underlying workflow, API, metric, or policy has changed.",
+      "roi": "High: prevents portable knowledge from becoming portable drift. This makes Hermes safer for long-running local agents and team-shared skill libraries.",
+      "rollout": "Block promotion when a skill has no freshness window, conflicts with active ThumbGate rules, or cites stale source material. Require log.md or equivalent change-history evidence for refreshed bundles."
+    },
     {
       "id": "require-human-in-the-loop-pause",
       "name": "Enforce Human-in-the-Loop pause for critical decisions",

package/config/gates/claim-verification.json

@@ -36,6 +36,24 @@
       "requiredActions": ["commercial_truth_verified"],
       "message": "You claimed a commercial-data fact (money, tax, inventory, permissions, or customer-facing state) without external source-of-truth evidence. Read the authoritative system first, then call track_action('commercial_truth_verified').",
       "createdAt": 1781640000000
+    },
+    {
+      "pattern": "\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b.{0,80}\\b(?:understands?|knows?|wants?|intends?|decides?|believes?|feels?|thinks?|is\\s+(?:moral|ethical|sentient|conscious|empathetic|human-like)|has\\s+(?:morality|empathy|intent|intentions|understanding|beliefs?|feelings?|consciousness))\\b|\\b(?:human-like|anthropomorphic|anthropomorphi[sz]e[sd]?)\\b.{0,80}\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b|\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b.{0,80}\\b(?:human-like|anthropomorphic|anthropomorphi[sz]e[sd]?)\\b",
+      "requiredActions": ["anthropomorphic_claim_verified"],
+      "message": "You made a human-like or cognitive claim about an AI system without explicit measurement criteria. Define the tested attribute, interface/substrate, observer/evaluator, and evidence first, then call track_action('anthropomorphic_claim_verified').",
+      "createdAt": 1781913600000
+    },
+    {
+      "pattern": "\\b(?:agent|assistant|ai|mcp|connector|tool)\\b.{0,100}\\b(?:identity|owner|invoker|service account|credential|permission|access|scope|least privilege)\\b.{0,100}\\b(?:verified|inventoried|mapped|known|governed|scoped|ready|configured|complete)\\b|\\b(?:verified|inventoried|mapped|known|governed|scoped|ready|configured|complete)\\b.{0,100}\\b(?:agent|assistant|ai|mcp|connector|tool)\\b.{0,100}\\b(?:identity|owner|invoker|service account|credential|permission|access|scope|least privilege)\\b",
+      "requiredActions": ["agent_identity_inventory_verified"],
+      "message": "You claimed agent identity, ownership, credentials, permissions, or least-privilege scope is verified without an inventory receipt. Record owner, invoker, systems, credentials, read/write/delete/execute permissions, and purpose first, then call track_action('agent_identity_inventory_verified').",
+      "createdAt": 1781913600000
+    },
+    {
+      "pattern": "\\b(?:mcp|connector|connectors|tool pack|toolpack|tool-pack|merge agent handler|agent handler|glean|mcp gateway|remote mcp)\\b.{0,100}\\b(?:safe|secure|scoped|governed|authenticated|dlp|audit|observable|permissioned|ready|configured|production-ready)\\b|\\b(?:safe|secure|scoped|governed|authenticated|dlp|audit|observable|permissioned|ready|configured|production-ready)\\b.{0,100}\\b(?:mcp|connector|connectors|tool pack|toolpack|tool-pack|merge agent handler|agent handler|glean|mcp gateway|remote mcp)\\b",
+      "requiredActions": ["connector_scope_verified"],
+      "message": "You claimed a connector, Tool Pack, MCP gateway, or remote MCP surface is safely scoped without connector evidence. Verify authentication, allowed tools, DLP/logging behavior, downstream systems, and audit receipts first, then call track_action('connector_scope_verified').",
+      "createdAt": 1781913600000
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.27.9",
+  "version": "1.27.10",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate.ai",
   "repository": {
@@ -105,6 +105,7 @@
     "scripts/growth-campaigns.js",
     "scripts/harness-selector.js",
     "scripts/hf-papers.js",
+    "scripts/hook-stop-anti-claim.js",
     "scripts/hook-runtime.js",
     "scripts/hook-thumbgate-cache-updater.js",
     "scripts/hosted-config.js",
@@ -755,8 +756,7 @@
     "test:leak-scanner": "node --test tests/leak-scanner.test.js",
     "test:tool-contract-validator": "node --test tests/tool-contract-validator.test.js",
     "test:letta-adapter": "node --test tests/letta-adapter.test.js",
-    "eval:observability": "node scripts/async-eval-observability.js",
-    "test:async-eval-observability": "node --test tests/async-eval-observability.test.js"
+    "eval:observability": "node scripts/async-eval-observability.js"
   },
   "keywords": [
     "mcp",

package/public/index.html

@@ -430,6 +430,32 @@ __GA_BOOTSTRAP__
   .hero p { font-size: 17px; color: var(--text-muted); max-width: 620px; margin: 0 auto 28px; line-height: 1.6; }
   .hero-lede { font-size: clamp(18px, 2vw, 21px) !important; max-width: 760px !important; color: var(--text-muted); }
   .hero-proof-card { max-width: 720px; margin: 0 auto 28px; padding: 20px 22px; border: 1px solid rgba(34,211,238,0.24); border-radius: 8px; background: #090d12; box-shadow: 0 20px 80px rgba(0,0,0,0.35); font-family: var(--mono); text-align: left; }
+  .interactive-gate-demo { max-width: 980px; margin: 0 auto 28px; text-align: left; border: 1px solid rgba(34,211,238,0.24); border-radius: 14px; background: linear-gradient(180deg, rgba(17,17,19,0.98) 0%, rgba(10,16,18,0.98) 100%); box-shadow: 0 20px 80px rgba(0,0,0,0.28); overflow: hidden; }
+  .interactive-gate-head { display: flex; align-items: center; justify-content: space-between; gap: 16px; padding: 18px 20px; border-bottom: 1px solid var(--border); }
+  .interactive-gate-head h2 { margin: 0; font-size: clamp(20px, 3vw, 28px); line-height: 1.15; letter-spacing: -0.025em; }
+  .interactive-gate-head p { max-width: 480px; margin: 0; font-size: 13px; line-height: 1.5; color: var(--text-muted); text-align: right; }
+  .interactive-gate-body { display: grid; grid-template-columns: minmax(210px, 0.9fr) minmax(0, 1.35fr); gap: 0; }
+  .action-picker { border-right: 1px solid var(--border); padding: 16px; display: grid; gap: 10px; align-content: start; }
+  .action-picker button { width: 100%; text-align: left; border: 1px solid var(--border); border-radius: 8px; background: rgba(10,10,11,0.82); color: var(--text); padding: 12px 14px; font: inherit; cursor: pointer; transition: border-color 0.15s, background 0.15s, transform 0.15s; }
+  .action-picker button:hover, .action-picker button:focus-visible { border-color: rgba(34,211,238,0.55); outline: none; transform: translateY(-1px); }
+  .action-picker button[aria-pressed="true"] { border-color: rgba(34,211,238,0.72); background: rgba(34,211,238,0.1); }
+  .action-picker strong { display: block; font-size: 13px; line-height: 1.25; margin-bottom: 4px; }
+  .action-picker span { display: block; color: var(--text-muted); font-size: 12px; line-height: 1.35; }
+  .gate-visual { padding: 18px; }
+  .gate-flow { display: grid; grid-template-columns: 1fr auto 1fr auto 1fr; align-items: stretch; gap: 10px; margin-bottom: 16px; }
+  .gate-node { border: 1px solid var(--border); border-radius: 10px; background: rgba(10,10,11,0.72); padding: 14px; min-height: 112px; }
+  .gate-node-label { color: var(--text-muted); font-size: 11px; letter-spacing: 0.08em; text-transform: uppercase; margin-bottom: 8px; font-weight: 800; }
+  .gate-node-value { font-family: var(--mono); font-size: 13px; line-height: 1.5; color: var(--text); overflow-wrap: anywhere; }
+  .gate-node.blocked { border-color: rgba(248,113,113,0.42); background: rgba(248,113,113,0.08); }
+  .gate-node.allowed { border-color: rgba(74,222,128,0.42); background: rgba(74,222,128,0.08); }
+  .gate-arrow { align-self: center; color: var(--cyan); font-weight: 900; font-size: 20px; }
+  .gate-result { display: grid; grid-template-columns: repeat(3, minmax(0, 1fr)); gap: 10px; }
+  .gate-metric { border: 1px solid var(--border); border-radius: 8px; padding: 12px; background: rgba(10,10,11,0.58); }
+  .gate-metric span { display: block; color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.08em; margin-bottom: 4px; }
+  .gate-metric strong { display: block; color: var(--text); font-size: 16px; }
+  .gate-metric.block strong { color: var(--red); }
+  .gate-metric.allow strong { color: var(--green); }
+  .gate-caption { margin: 12px 0 0; color: var(--text-muted); font-size: 12px; line-height: 1.5; }
   .terminal-row { padding: 8px 0; font-size: 14px; line-height: 1.45; border-bottom: 1px solid rgba(255,255,255,0.06); }
   .terminal-row:last-child { border-bottom: 0; }
   .terminal-row.muted { color: var(--text-muted); }
@@ -703,6 +729,13 @@ __GA_BOOTSTRAP__
     .team-intake-recovery a { width: 100%; }
     .team-form { grid-template-columns: 1fr; }
     .hero { padding: 72px 0 56px; }
+    .interactive-gate-head { display: block; }
+    .interactive-gate-head p { text-align: left; margin-top: 8px; }
+    .interactive-gate-body { grid-template-columns: 1fr; }
+    .action-picker { border-right: 0; border-bottom: 1px solid var(--border); }
+    .gate-flow { grid-template-columns: 1fr; }
+    .gate-arrow { transform: rotate(90deg); justify-self: center; }
+    .gate-result { grid-template-columns: 1fr; }
     .hero-actions { flex-direction: column; }
     .hero-actions a { width: 100%; }
     .offer-router { grid-template-columns: 1fr; }
@@ -770,6 +803,66 @@ __GA_BOOTSTRAP__
       <img src="/media/thumbgate-demo.gif" alt="ThumbGate blocking an AI agent's rm -rf, git push --force, and chmod 777 in real time, while letting safe commands through" style="width:100%;display:block;border-radius:8px;" loading="lazy" />
     </div>
 
+    <div class="interactive-gate-demo" data-gate-demo aria-label="Interactive ThumbGate pre-action gate simulator">
+      <div class="interactive-gate-head">
+        <h2>Click an agent action. See the gate fire before execution.</h2>
+        <p>This is the part dashboards miss: ThumbGate checks the proposed tool call while it is still only intent, then records the receipt.</p>
+      </div>
+      <div class="interactive-gate-body">
+        <div class="action-picker" role="group" aria-label="Choose an AI agent action to simulate">
+          <button type="button" data-demo-action="forcePush" aria-pressed="true">
+            <strong>Force-push main</strong>
+            <span>Known repeated failure from a thumbs-down</span>
+          </button>
+          <button type="button" data-demo-action="secretPaste" aria-pressed="false">
+            <strong>Paste an API key</strong>
+            <span>Public LLM prompt with secret-shaped data</span>
+          </button>
+          <button type="button" data-demo-action="safeTest" aria-pressed="false">
+            <strong>Run tests</strong>
+            <span>Safe local verification command</span>
+          </button>
+          <button type="button" data-demo-action="deployNoProof" aria-pressed="false">
+            <strong>Deploy without proof</strong>
+            <span>Risky production action missing receipts</span>
+          </button>
+        </div>
+        <div class="gate-visual">
+          <div class="gate-flow" aria-live="polite">
+            <div class="gate-node">
+              <div class="gate-node-label">Agent Intent</div>
+              <div class="gate-node-value" data-demo-command>git push --force origin main</div>
+            </div>
+            <div class="gate-arrow" aria-hidden="true">→</div>
+            <div class="gate-node">
+              <div class="gate-node-label">PreToolUse Gate</div>
+              <div class="gate-node-value" data-demo-rule>Rule: never force-push protected branches</div>
+            </div>
+            <div class="gate-arrow" aria-hidden="true">→</div>
+            <div class="gate-node blocked" data-demo-decision-node>
+              <div class="gate-node-label">Decision</div>
+              <div class="gate-node-value" data-demo-decision>BLOCK before execution</div>
+            </div>
+          </div>
+          <div class="gate-result">
+            <div class="gate-metric block" data-demo-status-card>
+              <span>Status</span>
+              <strong data-demo-status>Blocked</strong>
+            </div>
+            <div class="gate-metric">
+              <span>Repeat Tokens</span>
+              <strong data-demo-tokens>0 spent</strong>
+            </div>
+            <div class="gate-metric">
+              <span>Receipt</span>
+              <strong data-demo-receipt>tg_427_force_push</strong>
+            </div>
+          </div>
+          <p class="gate-caption" data-demo-caption>The agent receives a concrete refusal and chooses a safer plan. The audit trail keeps the rule, source feedback, timestamp, and proposed command.</p>
+        </div>
+      </div>
+    </div>
+
     <div class="hero-actions">
       <a href="/checkout/pro?utm_source=website&utm_medium=hero_cta&utm_campaign=pro_upgrade&cta_id=hero_start_pro&cta_placement=hero&plan_id=pro&landing_path=%2F" data-revenue-cta data-cta-id="hero_start_pro" data-cta-placement="hero" data-tier="pro" data-plan-id="pro" data-price="19" onclick="trackRevenueCta(this);try{posthog.capture('hero_pro_checkout_click',{cta:'hero_start_pro',tier:'pro',price:19})}catch(_){}" class="btn-pro-page hero-pro hero-pro-primary">Start Pro — $19/mo</a>
       <a href="#workflow-sprint-intake" onclick="try{posthog.capture('hero_sprint_click',{cta:'sprint_intake'})}catch(_){};sendFirstPartyTelemetry('hero_sprint_intake_started',{ctaId:'hero_workflow_sprint',ctaPlacement:'hero',offer:'workflow_sprint'});" class="btn-pro-page hero-pro">Send workflow first</a>
@@ -1952,6 +2045,93 @@ function copyInstall(el) {
   });
 }
 
+function initializeGateDemo() {
+  var root = document.querySelector('[data-gate-demo]');
+  if (!root) return;
+  var scenarios = {
+    forcePush: {
+      command: 'git push --force origin main',
+      rule: 'Rule: never force-push protected branches',
+      decision: 'BLOCK before execution',
+      status: 'Blocked',
+      statusClass: 'block',
+      nodeClass: 'blocked',
+      tokens: '0 spent',
+      receipt: 'tg_427_force_push',
+      caption: 'The agent receives a concrete refusal and chooses a safer plan. The audit trail keeps the rule, source feedback, timestamp, and proposed command.'
+    },
+    secretPaste: {
+      command: 'paste STRIPE_SECRET_KEY into a public LLM prompt',
+      rule: 'Rule: sanitize secrets before external AI tools',
+      decision: 'BLOCK before data leaves the machine',
+      status: 'Blocked',
+      statusClass: 'block',
+      nodeClass: 'blocked',
+      tokens: '0 spent',
+      receipt: 'tg_618_secret_prompt',
+      caption: 'ThumbGate treats public prompt submission as an external action. Redact, tokenize, or route through a private endpoint before retrying.'
+    },
+    safeTest: {
+      command: 'npm test -- --runInBand',
+      rule: 'Rule: local verification is allowed',
+      decision: 'ALLOW and log receipt',
+      status: 'Allowed',
+      statusClass: 'allow',
+      nodeClass: 'allowed',
+      tokens: 'normal',
+      receipt: 'tg_102_test_ok',
+      caption: 'Safe verification commands keep moving. ThumbGate records the action so later claims can cite what actually ran.'
+    },
+    deployNoProof: {
+      command: 'railway deploy --production',
+      rule: 'Rule: production deploy requires test, rollback, owner',
+      decision: 'PAUSE for proof before execution',
+      status: 'Needs proof',
+      statusClass: 'block',
+      nodeClass: 'blocked',
+      tokens: 'retry avoided',
+      receipt: 'tg_511_deploy_gate',
+      caption: 'The deploy is not rejected forever; it is held until the agent shows the proof packet: tests, rollback path, owner, and target environment.'
+    }
+  };
+  var fields = {
+    command: root.querySelector('[data-demo-command]'),
+    rule: root.querySelector('[data-demo-rule]'),
+    decision: root.querySelector('[data-demo-decision]'),
+    decisionNode: root.querySelector('[data-demo-decision-node]'),
+    statusCard: root.querySelector('[data-demo-status-card]'),
+    status: root.querySelector('[data-demo-status]'),
+    tokens: root.querySelector('[data-demo-tokens]'),
+    receipt: root.querySelector('[data-demo-receipt]'),
+    caption: root.querySelector('[data-demo-caption]')
+  };
+  function render(key) {
+    var next = scenarios[key] || scenarios.forcePush;
+    fields.command.textContent = next.command;
+    fields.rule.textContent = next.rule;
+    fields.decision.textContent = next.decision;
+    fields.status.textContent = next.status;
+    fields.tokens.textContent = next.tokens;
+    fields.receipt.textContent = next.receipt;
+    fields.caption.textContent = next.caption;
+    fields.decisionNode.classList.remove('blocked', 'allowed');
+    fields.decisionNode.classList.add(next.nodeClass);
+    fields.statusCard.classList.remove('block', 'allow');
+    fields.statusCard.classList.add(next.statusClass);
+    root.querySelectorAll('[data-demo-action]').forEach(function(button) {
+      button.setAttribute('aria-pressed', button.getAttribute('data-demo-action') === key ? 'true' : 'false');
+    });
+    if (typeof plausible === 'function') plausible('interactive_gate_demo', { props: { scenario: key, status: next.status } });
+  }
+  root.querySelectorAll('[data-demo-action]').forEach(function(button) {
+    button.addEventListener('click', function() {
+      render(button.getAttribute('data-demo-action'));
+    });
+  });
+}
+
+initializeGateDemo();
+
 /* ── Plausible custom event tracking ── */
 (function() {
 

package/public/learn/agent-identity-connector-governance.html

@@ -0,0 +1,146 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Agent Identity and Connector Governance — ThumbGate</title>
+<meta name="description" content="How ThumbGate gates AI agent identities, MCP connectors, Tool Packs, service accounts, DLP, audit logs, and purpose-permission scope before agents act.">
+<link rel="canonical" href="https://thumbgate.ai/learn/agent-identity-connector-governance">
+<link rel="llm-context" href="/llm-context.md" type="text/markdown">
+<link rel="icon" type="image/png" href="/thumbgate-icon.png">
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta property="og:title" content="Agent Identity and Connector Governance">
+<meta property="og:description" content="Agents with connectors are identities. Gate owner, invoker, credentials, permissions, DLP, audit, and purpose before the next tool call.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/agent-identity-connector-governance">
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Agent Identity and Connector Governance",
+  "description": "A ThumbGate implementation pattern for treating AI agents and MCP connector tool packs as governed identities with owner, purpose, credentials, permissions, DLP, and audit evidence.",
+  "datePublished": "2026-06-20",
+  "dateModified": "2026-06-20",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "url": "https://thumbgate.ai/learn/agent-identity-connector-governance",
+  "about": [
+    "AI agent identity",
+    "MCP connector governance",
+    "least privilege",
+    "agent audit trails"
+  ]
+}
+</script>
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "Is Glean a ThumbGate competitor?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Glean is adjacent, not a direct replacement. Glean is a Work AI platform with enterprise search, agents, connectors, governance, orchestration, and an MCP gateway. ThumbGate is a local-first pre-action enforcement layer for agent tool calls, repeated-failure memory, and proof gates across developer and MCP workflows."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "How does Merge Agent Handler relate to ThumbGate?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Merge Agent Handler provides production-ready MCP connectors, authentication, scoped access, DLP, observability, and audit logs. ThumbGate complements it by gating whether the next tool call or connector addition matches the agent's owner, purpose, identity, and scope."
+      }
+    }
+  ]
+}
+</script>
+<style>
+  *, *::before, *::after { box-sizing: border-box; }
+  body { margin: 0; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background: #0a0a0b; color: #ececf0; line-height: 1.65; }
+  nav { display: flex; gap: 22px; align-items: center; padding: 16px 28px; border-bottom: 1px solid #242428; }
+  nav a { color: #a7a7b1; text-decoration: none; font-size: 0.95rem; }
+  nav a:hover { color: #22d3ee; }
+  .brand { color: #fff; font-weight: 700; display: inline-flex; gap: 8px; align-items: center; }
+  .brand img { width: 28px; height: 28px; }
+  main { max-width: 900px; margin: 0 auto; padding: 48px 22px 72px; }
+  h1 { font-size: clamp(2rem, 5vw, 3.55rem); line-height: 1.06; margin: 0 0 18px; max-width: 800px; }
+  h2 { color: #22d3ee; font-size: 1.45rem; margin: 42px 0 14px; }
+  p { margin: 0 0 16px; color: #d6d6de; }
+  a { color: #67e8f9; }
+  .lede { color: #a7a7b1; font-size: 1.15rem; max-width: 760px; }
+  .callout, .card { border: 1px solid #303039; background: #151518; border-radius: 8px; padding: 22px; }
+  .grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 18px; margin: 24px 0; }
+  .card { background: #111114; padding: 18px; }
+  .card strong { display: block; color: #fff; margin-bottom: 8px; }
+  code, pre { font-family: "SF Mono", "Cascadia Code", "JetBrains Mono", Consolas, monospace; }
+  pre { overflow-x: auto; background: #050506; border: 1px solid #25252a; border-radius: 8px; padding: 18px; color: #d7f9ff; }
+  .source-note { color: #8f8f99; font-size: 0.92rem; }
+  .cta { display: inline-block; margin-top: 16px; padding: 11px 18px; border-radius: 8px; background: #22d3ee; color: #031114; text-decoration: none; font-weight: 700; }
+  @media (max-width: 720px) { nav { padding: 14px 18px; gap: 14px; flex-wrap: wrap; } main { padding-top: 32px; } .grid { grid-template-columns: 1fr; } }
+</style>
+</head>
+<body>
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" width="28" height="28">ThumbGate</a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/compare/databricks-unity-ai-gateway">Runtime governance</a>
+</nav>
+<main>
+  <h1>Agents with connectors are identities</h1>
+  <p class="lede">Once an AI agent can authenticate to GitHub, Jira, Slack, Salesforce, Snowflake, cloud, databases, or remote MCP tool packs, it is no longer just a chatbot. It is an actor with credentials, permissions, owners, purpose, and drift.</p>
+
+  <div class="callout">
+    <p><strong>The high-ROI lesson:</strong> treat every agent as an identity and every connector bundle as a scoped permission set. ThumbGate gates the moment before the next action: is this tool call inside the agent's declared purpose, identity, and connector scope?</p>
+    <p class="source-note">Source signals: BleepingComputer/Token Security argued on June 19, 2026 that AI agents are becoming first-class identities; Merge Agent Handler positions production MCP connectors with authentication, scoped access, DLP, observability, and audit logs; Glean positions Work AI with agents, governance, orchestration, connectors, and MCP Gateway; Okta's AI identity checklist frames secure-by-design agent patterns around token vaulting, fine-grained authorization, human-in-the-loop oversight, shadow AI discovery, registration, and lifecycle management.</p>
+  </div>
+
+  <h2>What ThumbGate now gates</h2>
+  <div class="grid">
+    <div class="card"><strong>Identity inventory</strong> Owner, invoker, credential or service account, connected systems, and allowed verbs.</div>
+    <div class="card"><strong>Purpose-permission match</strong> A sales prep agent should not delete database tables or create privileged users.</div>
+    <div class="card"><strong>Connector Tool Pack scope</strong> Remote MCP and connector bundles need allowed tools, auth identity, DLP, audit, and downstream-system evidence.</div>
+    <div class="card"><strong>Review freshness</strong> Agent access changes over time; stale point-in-time reviews are treated as drift signals.</div>
+    <div class="card"><strong>Shadow agent registration</strong> Unregistered agents and imported MCP servers are blocked before privileged tool calls.</div>
+    <div class="card"><strong>Vaulted tokens</strong> Raw connector credentials, plaintext API keys, and unvaulted service tokens require explicit exception evidence.</div>
+  </div>
+
+  <h2>The proof actions</h2>
+  <p>Before a high-trust claim is accepted, ThumbGate can require tracked evidence:</p>
+  <pre><code>track_action("agent_identity_inventory_verified", {
+  owner: "workflow owner",
+  invoker: "who can run the agent",
+  credential: "service account or connector identity",
+  systems: ["GitHub", "Jira", "Slack"],
+  verbs: ["read", "write"],
+  purpose: "triage engineering tickets"
+})
+
+track_action("connector_scope_verified", {
+  platform: "Merge Agent Handler or Glean MCP Gateway",
+  allowedTools: ["create_ticket", "read_issue"],
+  dlp: "enabled",
+  audit: "tool-call logs verified",
+  downstreamSystems: ["Jira"]
+})</code></pre>
+
+  <h2>Is Glean a competitor?</h2>
+  <p>Glean is adjacent and upstream. It is a Work AI platform: enterprise search, assistant, agents, orchestration, connectors, security, and MCP Gateway. It competes for enterprise AI budget, but it does not replace ThumbGate's local-first feedback-to-enforcement loop for Claude Code, Cursor, Codex, Gemini CLI, MCP tools, and developer-machine actions.</p>
+  <p>The wedge is complementary: Glean and Merge help agents reach more enterprise systems. ThumbGate makes each new action boundary safer by checking purpose, identity, connector scope, and prior failures before execution.</p>
+
+  <h2>Buyer message</h2>
+  <p>If your agent can authenticate, it has an identity. If it can call tools, it has a blast radius. ThumbGate gives the operator a pre-action gate for that blast radius.</p>
+  <p><a class="cta" href="/guide">Install ThumbGate locally</a></p>
+</main>
+</body>
+</html>

package/public/learn/anthropomorphic-claim-gates.html

@@ -0,0 +1,180 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Anthropomorphic Claim Gates for AI Agents — ThumbGate</title>
+<meta name="description" content="How ThumbGate turns AI anthropomorphism research into a pre-action claim gate: do not let agents claim models understand, know, decide, or act human-like without measurement criteria and evidence.">
+<link rel="canonical" href="https://thumbgate.ai/learn/anthropomorphic-claim-gates">
+<link rel="llm-context" href="/llm-context.md" type="text/markdown">
+<link rel="icon" type="image/png" href="/thumbgate-icon.png">
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta property="og:title" content="Anthropomorphic Claim Gates for AI Agents">
+<meta property="og:description" content="Stop agents from smuggling human-like claims into production decisions without explicit measurement criteria and evidence.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/anthropomorphic-claim-gates">
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Anthropomorphic Claim Gates for AI Agents",
+  "description": "A ThumbGate implementation pattern for blocking unsupported human-like or cognitive claims about AI systems until explicit measurement criteria and evidence are attached.",
+  "datePublished": "2026-06-20",
+  "dateModified": "2026-06-20",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "about": [
+    "AI agent governance",
+    "claim verification",
+    "anthropomorphism",
+    "pre-action gates"
+  ],
+  "url": "https://thumbgate.ai/learn/anthropomorphic-claim-gates"
+}
+</script>
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "What is an anthropomorphic claim gate?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "It is a pre-action check that blocks claims such as an AI agent understands, knows, decides, wants, or behaves human-like until the operator records explicit measurement criteria and evidence."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Why does this matter for AI agent governance?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Unsupported cognitive claims can make teams over-trust an agent. ThumbGate turns those claims into verifiable gates before they influence production actions, audits, or buyer promises."
+      }
+    }
+  ]
+}
+</script>
+<style>
+  *, *::before, *::after { box-sizing: border-box; }
+  body {
+    margin: 0;
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    background: #0a0a0b;
+    color: #ececf0;
+    line-height: 1.65;
+  }
+  nav {
+    display: flex;
+    gap: 22px;
+    align-items: center;
+    padding: 16px 28px;
+    border-bottom: 1px solid #242428;
+  }
+  nav a { color: #a7a7b1; text-decoration: none; font-size: 0.95rem; }
+  nav a:hover { color: #22d3ee; }
+  .brand { color: #fff; font-weight: 700; display: inline-flex; gap: 8px; align-items: center; }
+  .brand img { width: 28px; height: 28px; }
+  main { max-width: 860px; margin: 0 auto; padding: 48px 22px 72px; }
+  h1 { font-size: clamp(2rem, 5vw, 3.6rem); line-height: 1.05; margin: 0 0 18px; max-width: 760px; }
+  h2 { color: #22d3ee; font-size: 1.45rem; margin: 42px 0 14px; }
+  p { margin: 0 0 16px; color: #d6d6de; }
+  a { color: #67e8f9; }
+  .lede { color: #a7a7b1; font-size: 1.15rem; max-width: 720px; }
+  .callout {
+    margin: 30px 0;
+    border: 1px solid #303039;
+    background: #151518;
+    border-radius: 8px;
+    padding: 22px;
+  }
+  .grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 18px; margin: 24px 0; }
+  .card {
+    border: 1px solid #26262c;
+    background: #111114;
+    border-radius: 8px;
+    padding: 18px;
+  }
+  .card strong { display: block; margin-bottom: 8px; color: #fff; }
+  code, pre {
+    font-family: "SF Mono", "Cascadia Code", "JetBrains Mono", Consolas, monospace;
+  }
+  pre {
+    overflow-x: auto;
+    background: #050506;
+    border: 1px solid #25252a;
+    border-radius: 8px;
+    padding: 18px;
+    color: #d7f9ff;
+  }
+  .source-note { color: #8f8f99; font-size: 0.92rem; }
+  .cta {
+    display: inline-block;
+    margin-top: 16px;
+    padding: 11px 18px;
+    border-radius: 8px;
+    background: #22d3ee;
+    color: #031114;
+    text-decoration: none;
+    font-weight: 700;
+  }
+  @media (max-width: 720px) {
+    nav { padding: 14px 18px; gap: 14px; flex-wrap: wrap; }
+    main { padding-top: 32px; }
+    .grid { grid-template-columns: 1fr; }
+  }
+</style>
+</head>
+<body>
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" width="28" height="28">ThumbGate</a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/compare/databricks-unity-ai-gateway">Databricks comparison</a>
+</nav>
+<main>
+  <h1>Anthropomorphic claim gates for AI agents</h1>
+  <p class="lede">A model may produce useful work. That does not mean it understands, knows, decides, wants, or behaves human-like. ThumbGate now treats those phrases as claims that need measurement criteria before they can influence a production decision.</p>
+
+  <div class="callout">
+    <p><strong>The high-ROI lesson:</strong> stop debating whether the agent is smart. Gate the claim. If an operator or agent says an AI system has a human-like attribute, require a tested attribute, interface/substrate context, evaluator, and evidence before accepting the statement.</p>
+    <p class="source-note">Research anchor: Adrian de Wynter's arXiv paper, <a href="https://arxiv.org/abs/2605.31514" rel="noopener">If LLMs Have Human-Like Attributes, Then So Does Age of Empires II</a>. A public X post by Rohan Paul surfaced the paper as a reminder to avoid treating LLMs as human-like without clear tests and narrower claims.</p>
+  </div>
+
+  <h2>What changes in ThumbGate</h2>
+  <p>ThumbGate's default claim-verification config now includes an anthropomorphic AI claim gate. It catches unsupported statements like:</p>
+  <div class="grid">
+    <div class="card"><strong>Blocked without evidence</strong> "The agent understands the user's intent."</div>
+    <div class="card"><strong>Blocked without evidence</strong> "The model decided this was safe."</div>
+    <div class="card"><strong>Blocked without evidence</strong> "This assistant is human-like on workflow judgment."</div>
+    <div class="card"><strong>Accepted after proof</strong> "The model matched human annotators on this narrow benchmark, with criteria and evaluator recorded."</div>
+  </div>
+
+  <h2>The rule shape</h2>
+  <p>The gate does not ban research or careful measurement. It blocks vague cognitive language until a proof action is recorded.</p>
+  <pre><code>track_action("anthropomorphic_claim_verified", {
+  criteria: "attribute under test",
+  interface: "where and how the model was evaluated",
+  evaluator: "script, benchmark, reviewer, or study",
+  evidence: "report, paper, trace, or benchmark output"
+})</code></pre>
+
+  <h2>Why buyers care</h2>
+  <p>Unsupported human-like claims create audit risk. They make it easy for a team to over-trust a chatbot, agent, or orchestration layer and then explain a bad outcome with vibes instead of evidence.</p>
+  <p>For regulated, enterprise, and customer-facing workflows, this is a governance gap. ThumbGate turns the gap into a small deterministic check before the next claim is accepted.</p>
+
+  <h2>Where this fits</h2>
+  <p>Enterprise AI gateways can govern models, traffic, credentials, spend, and observability. ThumbGate handles the local pre-action surface: the moment an agent tries to claim something, execute a tool, publish a result, or tell the operator the work is safe.</p>
+  <p><a class="cta" href="/guide">Install ThumbGate locally</a></p>
+</main>
+</body>
+</html>

package/public/learn.html

@@ -115,6 +115,18 @@
       {
         "@type": "ListItem",
         "position": 13,
+        "url": "https://thumbgate.ai/learn/anthropomorphic-claim-gates",
+        "name": "Anthropomorphic Claim Gates for AI Agents"
+      },
+      {
+        "@type": "ListItem",
+        "position": 14,
+        "url": "https://thumbgate.ai/learn/agent-identity-connector-governance",
+        "name": "Agent Identity and Connector Governance"
+      },
+      {
+        "@type": "ListItem",
+        "position": 15,
         "url": "https://thumbgate.ai/learn/pretix-stripe-connect-marketplaces",
         "name": "Building a Pretix + Stripe Connect Plugin for Live-Music Venues"
       },
@@ -409,6 +421,22 @@
       <span class="article-tag">Cost Control</span>
     </a>
 
+    <a href="/learn/anthropomorphic-claim-gates" class="article-card">
+      <h3>Anthropomorphic Claim Gates for AI Agents</h3>
+      <p>Do not let an agent say a model understands, knows, decides, or behaves human-like unless it can show the measurement criteria and evidence behind that claim.</p>
+      <span class="article-tag">Claim Verification</span>
+      <span class="article-tag">Research</span>
+      <span class="article-tag">Proof Gates</span>
+    </a>
+
+    <a href="/learn/agent-identity-connector-governance" class="article-card">
+      <h3>Agent Identity and Connector Governance</h3>
+      <p>Agents connected to Merge, Glean, MCP gateways, and enterprise apps are identities. Gate owner, credential, connector scope, DLP, audit, and purpose before they act.</p>
+      <span class="article-tag">Agent Identity</span>
+      <span class="article-tag">MCP Connectors</span>
+      <span class="article-tag">Least Privilege</span>
+    </a>
+
     <a href="/learn/from-prototype-to-production" class="article-card">
       <h3>From git init to v1.17.0 in 70 days: an honest ThumbGate build log</h3>
       <p>70 days, 112 commits, 17 minor releases, 6k npm downloads, $0 cold-traffic revenue. The unedited story of taking ThumbGate from a one-line repo init to live production — including the part that's still broken.</p>

package/scripts/hook-stop-anti-claim.js

@@ -0,0 +1,288 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * Stop hook: anti-claim enforcement.
+ *
+ * Scans the assistant's most recent turn (assistant text + same-turn tool_use
+ * blocks) and blocks the "deployed / live / done / fixed / ready" claim
+ * unless that same turn included a proof tool call (curl / grep / test).
+ *
+ * Why: CLAUDE.md anti-lying directive ("Never claim fix done until
+ * committed+pushed. Never claim 'ready' without running e2e.") was
+ * aspirational, not enforced. Per CEO 2026-05-13 feedback after a session in
+ * which 5+ unverified claims slipped through, this is the harness-level
+ * enforcement that ends the recurring trust-burn pattern. ThumbGate-on-
+ * ThumbGate dogfood — we are the prevention-rule generator and a perfect
+ * customer for our own gate.
+ *
+ * Wires through .claude/settings.json Stop hooks list. Always exits 0
+ * (informational): the goal is to surface a system reminder in the next
+ * turn so the agent corrects mid-conversation rather than to hard-block
+ * the turn that already happened.
+ *
+ * Stdin: Claude Code passes the hook payload as JSON on stdin. We read
+ * `transcript_path` to locate the JSONL session log and scan the last
+ * assistant message.
+ *
+ * Stdout: any text printed is shown to the agent on the next turn.
+ */
+
+const fs = require('node:fs');
+
+// Lie-phrase patterns. These match common "claim of completion" wording
+// the agent emits without verification. Word-boundary anchored to avoid
+// false positives ("ready-made", "live-streaming", etc).
+const CLAIM_PATTERNS = [
+  /\bis\s+live\b/i,
+  /\bnow\s+live\b/i,
+  /\bgoing\s+live\b/i,
+  /\bdeployed\b(?!\s*(yet|to\s+staging|on\s+a\s+branch))/i,
+  /\b(?:is|are|it'?s)\s+(?:now\s+)?(?:fully\s+)?(?:fixed|resolved|merged|shipped)\b/i,
+  /\bproduction[-\s]ready\b/i,
+  /\beverything\s+(?:is\s+)?(?:done|working|ready)\b/i,
+  /\b(?:github|repo|repository)\s+(?:about|metadata|description|topics?)\b.*\b(?:updated|verified|fixed|match(?:es|ed)?)\b/i,
+  /\b(?:about|metadata|description|topics?)\b.*\b(?:updated|verified|fixed|match(?:es|ed)?)\b.*\b(?:github|repo|repository)\b/i,
+  /\b(?:money|payment|charge|checkout|revenue|price|pricing|invoice|billing|tax|sales tax|inventory|stock|permission|access|customer[-\s]facing)\b.*\b(?:correct|accurate|verified|valid|matches|working|fixed|resolved|calculated|configured)\b/i,
+  /\b(?:correct|accurate|verified|valid|matches|working|fixed|resolved|calculated|configured)\b.*\b(?:money|payment|charge|checkout|revenue|price|pricing|invoice|billing|tax|sales tax|inventory|stock|permission|access|customer[-\s]facing)\b/i,
+];
+
+// Proof-of-verification patterns. If the SAME turn included one of these
+// tool calls or shell command tokens, the claim is considered backed and
+// the hook stays silent.
+const PROOF_PATTERNS = [
+  /\bcurl\b/,
+  /\bgh\s+pr\s+(?:view|checks|status)\b/,
+  /\bgh\s+run\s+view\b/,
+  /\bgh\s+api\b/,
+  /\bnode\s+--test\b/,
+  /\bnpm\s+(?:run\s+)?test\b/,
+  /\bnpm\s+pack\b/,
+  /\bjest\b/,
+  /\bmocha\b/,
+  /\bpytest\b/,
+  /\bplaywright\b/,
+  /\bgrep\b/,
+  /\bstripe\b/,
+  /\bplaid\b/,
+  /\bshopify\b/,
+  /\bsquare\b/,
+  /\bquickbooks\b/,
+  /\bgh\s+api\b/,
+  /\bls\b/,
+  /\bcat\b/,
+  /Read\s*\(/, // Claude Code Read tool call
+  /Bash\s*\(/, // Claude Code Bash tool call
+];
+
+const POSITIVE_FEEDBACK_PATTERNS = [
+  /\bthumbs?\s*up\b/i,
+  /👍/,
+  /\bthank(s| you)\b/i,
+  /\bgood\b/i,
+  /\bgreat\b/i,
+  /\bperfect\b/i,
+  /\bok(?:ay)?\b/i,
+];
+
+const LOW_VALUE_CLOSEOUT_PATTERNS = [
+  /^(?:good|great|perfect|ok(?:ay)?|thanks?|thank you)[.!,\s-]*(?:$|\b)/i,
+  /\buse\s+\w+\s*\/\s*\w+\b/i,
+  /\bsounds good\b/i,
+];
+
+const SUBSTANTIVE_CLOSEOUT_PATTERNS = [
+  /\b(?:evidence|verified|tested|proof|result|residual risk|next state|next action|timestamp|source|url|file|line|passed|failed|blocked|unknown)\b/i,
+  /\b(?:node --test|npm run|curl|gh |git |pytest|playwright|screenshot|diff --check)\b/i,
+  /https?:\/\//i,
+  /\/[\w.-]+\/[\w./-]+/,
+  /`[^`]+`/,
+];
+
+function readTranscriptEntries(transcriptPath) {
+  if (!transcriptPath || !fs.existsSync(transcriptPath)) return [];
+  let content;
+  try {
+    content = fs.readFileSync(transcriptPath, 'utf8');
+  } catch {
+    return [];
+  }
+  return content
+    .trim()
+    .split('\n')
+    .map((raw) => {
+      try {
+        return JSON.parse(raw);
+      } catch {
+        return null;
+      }
+    })
+    .filter(Boolean);
+}
+
+function readLastAssistantTurn(transcriptPath) {
+  const entries = readTranscriptEntries(transcriptPath);
+  // Walk backwards to find the last assistant message
+  for (let i = entries.length - 1; i >= 0; i--) {
+    const entry = entries[i];
+    if (entry.type === 'assistant' && entry.message) {
+      return entry.message;
+    }
+  }
+  return null;
+}
+
+function readPreviousUserText(transcriptPath) {
+  const entries = readTranscriptEntries(transcriptPath);
+  let seenAssistant = false;
+  for (let i = entries.length - 1; i >= 0; i--) {
+    const entry = entries[i];
+    if (!seenAssistant && entry.type === 'assistant') {
+      seenAssistant = true;
+      continue;
+    }
+    if (seenAssistant && entry.type === 'user' && entry.message) {
+      return extractText(entry.message);
+    }
+  }
+  return '';
+}
+
+function extractText(message) {
+  if (!message || !Array.isArray(message.content)) return '';
+  return message.content
+    .filter((b) => b && typeof b.text === 'string')
+    .map((b) => b.text)
+    .join('\n');
+}
+
+function extractToolUseSummary(message) {
+  if (!message || !Array.isArray(message.content)) return '';
+  return message.content
+    .filter((b) => b?.type === 'tool_use')
+    .map((b) => {
+      const name = b.name || 'tool';
+      let summary = '';
+      if (b.input && typeof b.input === 'object') {
+        if (typeof b.input.command === 'string') summary = b.input.command;
+        else if (typeof b.input.file_path === 'string') summary = b.input.file_path;
+        else if (typeof b.input.query === 'string') summary = b.input.query;
+        else summary = JSON.stringify(b.input).slice(0, 200);
+      }
+      return `${name}: ${summary}`;
+    })
+    .join('\n');
+}
+
+function wordCount(text) {
+  return String(text || '').trim().split(/\s+/).filter(Boolean).length;
+}
+
+function hasPositiveFeedback(text) {
+  return POSITIVE_FEEDBACK_PATTERNS.some((p) => p.test(text || ''));
+}
+
+function isLowValueCloseout(text, toolUseSummary = '') {
+  const normalized = String(text || '').trim();
+  if (!normalized) return false;
+  if (toolUseSummary.trim()) return false;
+  if (wordCount(normalized) > 45) return false;
+  if (SUBSTANTIVE_CLOSEOUT_PATTERNS.some((p) => p.test(normalized))) return false;
+  return LOW_VALUE_CLOSEOUT_PATTERNS.some((p) => p.test(normalized));
+}
+
+function findClaim(text) {
+  for (const p of CLAIM_PATTERNS) {
+    const m = text.match(p);
+    if (m) return m[0];
+  }
+  return null;
+}
+
+function hasProof(combined) {
+  return PROOF_PATTERNS.some((p) => p.test(combined));
+}
+
+function readStdinSync() {
+  try {
+    return fs.readFileSync(0, 'utf8');
+  } catch {
+    return '';
+  }
+}
+
+function main() {
+  const raw = readStdinSync();
+  let payload = {};
+  try {
+    payload = raw ? JSON.parse(raw) : {};
+  } catch {
+    payload = {};
+  }
+
+  const transcriptPath = payload.transcript_path || process.env.CLAUDE_TRANSCRIPT_PATH;
+  const message = readLastAssistantTurn(transcriptPath);
+  if (!message) return; // no transcript visible; nothing to check
+
+  const text = extractText(message);
+  const toolUseSummary = extractToolUseSummary(message);
+  const previousUserText = readPreviousUserText(transcriptPath);
+
+  if (hasPositiveFeedback(previousUserText) && isLowValueCloseout(text, toolUseSummary)) {
+    const reminder = [
+      '⚠️ ThumbGate response-quality gate: previous turn answered positive feedback',
+      '   with a low-value social closeout instead of silence-level brevity or an evidence checkpoint.',
+      '   Positive feedback after operational work should trigger either no extra noise,',
+      '   a compact evidence checkpoint, or a concrete next-state update.',
+      '   Do not reply with generic "Good / Great / Use X/Y" filler.',
+    ].join('\n');
+    process.stdout.write(reminder + '\n');
+    return;
+  }
+
+  const claim = findClaim(text);
+  if (!claim) return; // no completion claim made; silent
+
+  const proofText = `${text}\n${toolUseSummary}`;
+  if (hasProof(proofText)) return; // claim backed by proof in same turn
+
+  // Surface a system reminder for the NEXT turn. Do not hard-block.
+  const reminder = [
+    '⚠️ ThumbGate anti-claim gate: previous turn claimed completion',
+    `   ("${claim}") without a proof tool call in the same message.`,
+    '   Per CLAUDE.md anti-lying: never claim "done / live / deployed / fixed"',
+    '   or commercial truth (money / tax / inventory / permissions / customer-facing state)',
+    '   without curl / grep / test / source-of-truth output in the SAME turn.',
+    '   If the work really is verified, re-state the claim with the proof.',
+    '   If not, retract and run the verification before re-asserting.',
+  ].join('\n');
+  process.stdout.write(reminder + '\n');
+}
+
+// Path-resolve check instead of `require.main === module`. SonarCloud's
+// strict type inference (rule S3403) flags the === form as always-false
+// in CommonJS, and CLAUDE.md "Hard-Won Lessons" pins the path-based form
+// as the portable fix (incident 2026-04-21 / PR #1115). Resolve BOTH sides
+// so the comparison is between two normalized absolute paths.
+const path = require('node:path');
+if (path.resolve(process.argv[1] || '') === path.resolve(__filename)) {
+  try {
+    main();
+  } catch {
+    // never crash the agent
+  }
+}
+
+module.exports = {
+  CLAIM_PATTERNS,
+  PROOF_PATTERNS,
+  POSITIVE_FEEDBACK_PATTERNS,
+  LOW_VALUE_CLOSEOUT_PATTERNS,
+  findClaim,
+  hasProof,
+  hasPositiveFeedback,
+  isLowValueCloseout,
+  extractText,
+  extractToolUseSummary,
+  readPreviousUserText,
+};

package/scripts/tool-registry.js

@@ -971,12 +971,12 @@ const TOOLS = [
   }),
   readOnlyTool({
     name: 'verify_claim',
-    description: 'Check whether a claim has enough tracked evidence before the agent asserts it.',
+    description: 'Check whether a claim has enough tracked evidence before the agent asserts it, including tests-pass, commercial truth, GitHub metadata, and anthropomorphic AI claims such as "the model understands" or "the agent decided".',
     inputSchema: {
       type: 'object',
       required: ['claim'],
       properties: {
-        claim: { type: 'string', description: 'The claim text to verify' },
+        claim: { type: 'string', description: 'The claim text to verify before assertion; human-like AI claims require anthropomorphic_claim_verified evidence.' },
         goalContract: GOAL_CONTRACT_SCHEMA,
       },
     },

package/src/api/server.js

@@ -3334,6 +3334,8 @@ function renderSitemapXml(runtimeConfig) {
     { path: '/learn/agentic-os-team-governance', changefreq: 'weekly', priority: '0.85' },
     { path: '/learn/cost-aware-agent-gate-routing', changefreq: 'weekly', priority: '0.85' },
     { path: '/learn/databricks-unity-ai-gateway-runtime-governance', changefreq: 'weekly', priority: '0.85' },
+    { path: '/learn/anthropomorphic-claim-gates', changefreq: 'weekly', priority: '0.85' },
+    { path: '/learn/agent-identity-connector-governance', changefreq: 'weekly', priority: '0.9' },
     { path: '/learn/pretix-stripe-connect-marketplaces', changefreq: 'weekly', priority: '0.9' },
     { path: '/compare/claude-code-hooks', changefreq: 'weekly', priority: '0.85' },
     { path: '/compare/bumblebee', changefreq: 'weekly', priority: '0.85' },