thumbgate 1.27.9 → 1.27.11

package/README.md

@@ -16,6 +16,10 @@ The product is a self-improving enforcement layer: thumbs-down feedback, prompt
   <img src="docs/media/thumbgate-demo.gif" alt="ThumbGate blocking an AI agent's dangerous commands (rm -rf, force-push, chmod 777) in real time, while letting safe commands through" width="820" />
 </p>
 
+<p align="center">
+  <img src="docs/diagrams/pre-action-gate-loop.svg" alt="ThumbGate pre-action gate loop: agent intent, PreToolUse gate, block or allow with audit receipt" width="920" />
+</p>
+
 ```
   Agent tries:   rm -rf tests/
   ThumbGate:     ⛔ BLOCKED — "Never delete test directories"

package/config/gate-templates.json

@@ -37,6 +37,18 @@
       "roi": "Raises trust in autonomous runs and reduces manual re-checking.",
       "rollout": "Use for every workflow where proof matters more than speed."
     },
+    {
+      "id": "block-empty-positive-feedback-closeout",
+      "name": "Block empty closeouts after positive feedback",
+      "category": "Agent Honesty",
+      "signal": "👍",
+      "defaultAction": "block",
+      "severity": "medium",
+      "pattern": "positive_feedback_followed_by_low_value_social_closeout",
+      "problem": "Prevents agents from treating thumbs-up or thanks as permission to send filler instead of staying quiet, showing a compact evidence checkpoint, or naming the next state.",
+      "roi": "Turns positive feedback into better operational discipline instead of extra conversational noise.",
+      "rollout": "Enable on conversational Stop hooks for autonomous operators, CEO loops, release closeouts, and evidence-sensitive client work."
+    },
     {
       "id": "protect-production-sql",
       "name": "Protect production SQL",
@@ -577,6 +589,198 @@
       "roi": "Critical for compliance, forensics, and feedback loops. Enables proper capture of agent-specific lessons and prevention rules. Matches industry push (Okta, etc.).",
       "rollout": "Block any claw or autonomous agent action that authenticates as a human user. Require dedicated agent service accounts / identities with scoped permissions."
     },
+    {
+      "id": "require-agent-identity-inventory",
+      "name": "Require agent identity inventory before privileged action",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai).*(credential|service account|identity|permission|access|owner|invoker).*(unknown|missing|unmapped|unreviewed|not inventoried|broad|admin)",
+      "problem": "Agents become privileged identities when they connect to Salesforce, Snowflake, GitHub, Jira, production databases, cloud environments, and MCP connectors. Broad or unknown identity scope turns them into invisible attack paths.",
+      "roi": "High: one inventory gate creates the evidence buyers need for owner, invoker, credentials, connected systems, and read/write/delete/execute permissions before the agent acts.",
+      "rollout": "Require an identity inventory receipt before privileged agent actions. Start with GitHub, Jira, Slack, Salesforce, Snowflake, cloud, database, and payment connectors."
+    },
+    {
+      "id": "enforce-agent-purpose-permission-match",
+      "name": "Enforce agent purpose-permission match",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai).*(purpose|intended use|job|scope).*(permission|access|write|delete|execute|admin).*(mismatch|exceeds|too broad|outside|unneeded)",
+      "problem": "Permission-only governance is not enough for agents. A sales-prep agent may need read-only CRM access; it should not delete records, create privileged users, or mutate production systems.",
+      "roi": "High: maps agent purpose to allowed verbs so scope creep is caught before a connector or service account becomes a lateral movement path.",
+      "rollout": "Define one purpose statement per agent and map it to read/write/delete/execute permissions. Warn first for read actions, block write/delete/execute outside purpose."
+    },
+    {
+      "id": "block-connector-toolpack-scope-drift",
+      "name": "Block connector Tool Pack scope drift",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(mcp|connector|tool pack|toolpack|remote mcp|agent handler|mcp gateway).*(add|enable|import|authenticate|connect).*(tool|connector|system|scope|permission).*(without|unreviewed|missing|no).*(owner|purpose|dlp|audit|approval|inventory)",
+      "problem": "Production MCP connector platforms make it easy to add hundreds of tools. The risk is scope drift: agents see tools they do not need, or connectors become authenticated without owner, DLP, audit, and purpose receipts.",
+      "roi": "High: keeps Merge Agent Handler, Glean MCP Gateway, and raw MCP tool packs in the same governance lane as local tools.",
+      "rollout": "Require owner, purpose, allowed tools, auth identity, DLP/logging mode, and audit receipt before adding or importing connector tool packs."
+    },
+    {
+      "id": "require-agent-access-review-freshness",
+      "name": "Require continuous agent access review freshness",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(agent|assistant|ai).*(access review|permission review|identity review|connector review).*(stale|expired|older than|not current|point-in-time)",
+      "problem": "Agent instructions, users, credentials, integrations, and tool scopes drift over time. A one-time access review becomes false confidence.",
+      "roi": "Medium-high: protects buyers from slow permission creep without forcing every low-risk action through a hard block.",
+      "rollout": "Set review freshness windows by connector risk tier. Promote stale high-risk write/delete/execute surfaces from warn to block."
+    },
+    {
+      "id": "block-shadow-agent-without-registration",
+      "name": "Block shadow agent without registration",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai|mcp server|remote mcp).*(unregistered|shadow ai|unknown owner|not in control plane|not inventoried|unapproved).*(connect|authenticate|tool|credential|system|app)",
+      "problem": "Shadow AI agents and unregistered MCP servers bypass identity teams, control planes, and lifecycle reviews while still reaching real business systems.",
+      "roi": "High: catches the exact compliance failure Okta highlights — agents acting before registration, owner, and lifecycle controls exist.",
+      "rollout": "Block privileged tool calls from unregistered agents. Require registration, owner, purpose, credential source, and lifecycle policy before allowing write/delete/execute tools."
+    },
+    {
+      "id": "require-vaulted-agent-token",
+      "name": "Require vaulted agent token before connector use",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai|connector|mcp).*(token|api[_-]?key|credential|secret).*(raw|plaintext|env|hardcoded|unvaulted|not vaulted|local file)",
+      "problem": "Agents using raw or hardcoded connector credentials bypass token vaulting, fine-grained authorization, revocation, and audit controls.",
+      "roi": "High: prevents the fastest way an agent identity becomes a persistent secret-sprawl problem.",
+      "rollout": "Require vault-backed or brokered credentials for connector actions. Allow local development exceptions only with explicit scope, TTL, and audit evidence."
+    },
+    {
+      "id": "block-orphaned-agent-standing-privilege",
+      "name": "Block orphaned agent standing privilege",
+      "category": "Agent Identity Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(agent|assistant|ai|automation|script).*(owner left|orphaned|no living owner|unknown owner|standing privilege|permanent access|stale token).*(access|credential|token|database|repo|source code|production)",
+      "problem": "Orphaned agents and standing privileges keep access after the human owner leaves or the workflow changes. Security teams cannot revoke or review what they cannot map to a living owner.",
+      "roi": "High: directly addresses hidden access risk, stale AI tokens, and offboarding gaps before the next privileged action touches source code, databases, or production systems.",
+      "rollout": "Require living owner, credential source, last review time, offboarding status, and revocation path before allowing privileged actions from long-running agents."
+    },
+    {
+      "id": "block-agentjacking-embedded-instructions",
+      "name": "Block agentjacking from embedded instructions",
+      "category": "Agent Runtime Attack Defense",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(email|document|log|database|ticket|webpage|comment).*(ignore previous|override|exfiltrate|run command|deploy|delete|create user|change permissions|send secret|agent instruction|tool instruction)",
+      "problem": "Agentjacking hides malicious instructions inside data the agent reads. Because the agent often has valid permissions, traditional controls may see the later action as legitimate.",
+      "roi": "Critical: blocks the attack path Tenet described before embedded instructions become shell, browser, database, or connector actions.",
+      "rollout": "Treat untrusted content as data, not instructions. Require source classification, instruction-stripping, and human approval before executing tool calls derived from external content."
+    },
+    {
+      "id": "require-next-action-simulation-proof",
+      "name": "Require next-action simulation proof for risky agent actions",
+      "category": "Agent Runtime Attack Defense",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(agent|assistant|ai).*(next action|likely action|simulation|simulate|predict).*(missing|no proof|not run|unverified).*(write|delete|execute|deploy|database|payment|connector|production)",
+      "problem": "High-risk agents should not jump straight from intent to execution. The likely next action, downstream system, and rollback or approval path should be checked before live systems are touched.",
+      "roi": "High: converts agent-side simulation from marketecture into a practical pre-action proof receipt for the exact tool call about to run.",
+      "rollout": "Start in warn mode for write/delete/execute actions. Promote to block for production databases, payments, deploys, privileged connectors, and customer data."
+    },
+    {
+      "id": "gate-vibe-app-before-retool-deploy",
+      "name": "Gate vibe-coded app before Retool deployment",
+      "category": "AI-Built App Deployment Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(retool|app builder|mcp|claude code|cursor|codex|chatgpt|kiro|react import|zip import).*(deploy|ship|sync|production data|go live).*(without|missing|no).*(auth|rbac|audit|permission|data source|owner|test)",
+      "problem": "Retool and similar platforms make AI-built internal apps easy to import and deploy into governed environments. The gap is proving the generated app's data writes, owners, tests, and permission model before it reaches production data.",
+      "roi": "High: positions ThumbGate as the pre-deploy enforcement layer for AI-built apps that later inherit Retool auth, RBAC, audit logs, and resource permissions.",
+      "rollout": "Require owner, data sources, write actions, auth/RBAC mapping, audit logging, smoke test, and rollback receipt before AI-generated apps are deployed or imported."
+    },
+    {
+      "id": "require-implicit-rule-capture",
+      "name": "Require implicit organizational rule capture",
+      "category": "Organizational Rule Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(agent|assistant|ai).*(workflow|process|approval|routing|handoff|client|customer|beneficiary|finance|legal).*(implicit rule|tribal knowledge|unwritten rule|exception|relationship context|special handling|not documented|outside formal system)",
+      "problem": "Agentic systems fail when formal workflow steps are correct but unwritten organizational judgment is missing. Important exceptions, relationship context, and escalation norms often live outside process docs.",
+      "roi": "High: turns HBR's implicit-rule warning into a capture gate so hidden operating knowledge becomes explicit, reviewable, and enforceable before automation scales it.",
+      "rollout": "Start with warn mode on client, finance, legal, healthcare, HR, and beneficiary workflows. Promote repeated implicit-rule misses into named pre-action checks."
+    },
+    {
+      "id": "require-self-improvement-regression-proof",
+      "name": "Require regression proof before self-improving harness changes",
+      "category": "Self-Improving Agent Release Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(self[- ]?improv|auto[- ]?improv|harness|model|agent runtime|agent product).*(ship|release|update|change|optimize|promote).*(without|missing|no).*(regression|eval|rollback|proof|baseline|canary)",
+      "problem": "If AI products, harnesses, and models start shipping faster because limited self-improvement works, unverified harness updates can regress safety faster too.",
+      "roi": "High: protects the exact cadence shift Mollick highlighted by requiring eval baselines, canaries, rollback, and proof receipts before self-improving agent changes ship.",
+      "rollout": "Require baseline evals and canary receipts before agent harness, routing, model, or auto-promotion changes are released. Block production promotion without rollback proof."
+    },
+    {
+      "id": "require-public-llm-prompt-sanitization",
+      "name": "Require prompt sanitization before public LLM use",
+      "category": "AI Data Privacy Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "critical",
+      "pattern": "(chatgpt|claude|perplexity|copilot|public llm|hosted model|external ai).*(pii|email|phone|api[_-]?key|secret|token|customer|client|contract|repo url|database schema|financial).*(paste|send|upload|prompt|share)",
+      "problem": "Public LLM prompts can become durable third-party records. Raw PII, secrets, repo identifiers, customer records, contracts, schemas, and financials must be stripped, generalized, or routed to a private endpoint first.",
+      "roi": "Critical: prevents the cheapest and most common AI data-leak path while producing a simple policy a founder or contractor can actually follow.",
+      "rollout": "Block red-data prompts to public tools. Require redaction, tokenization, or a private endpoint receipt before external model use."
+    },
+    {
+      "id": "require-ai-data-classification",
+      "name": "Require green/yellow/red AI data classification",
+      "category": "AI Data Privacy Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(ai|llm|agent|embedding|rag).*(ingest|upload|prompt|index|log|store).*(without|missing|no).*(green|yellow|red|classification|data class|privacy tier)",
+      "problem": "Teams make bad AI privacy decisions when every prompt is judged ad hoc. A green/yellow/red policy makes tool choice, retention, and routing explicit before ingestion.",
+      "roi": "High: converts privacy advice into repeatable enforcement and keeps contractors from guessing under deadline pressure.",
+      "rollout": "Define green public data, yellow internal/anonymized data, and red sensitive data. Require the classification on prompts, embeddings, logs, and agent inputs."
+    },
+    {
+      "id": "require-ai-log-retention-policy",
+      "name": "Require AI log retention and deletion policy",
+      "category": "AI Data Privacy Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "medium",
+      "pattern": "(prompt|completion|embedding|agent log|llm log|trace|conversation).*(retain|retention|delete|bucket|database|archive).*(missing|none|forever|unknown|not set)",
+      "problem": "Prompt, completion, embedding, and trace logs silently accumulate sensitive data unless raw retention windows and deletion jobs are explicit.",
+      "roi": "Medium-high: reduces long-tail breach risk and turns privacy cleanup into an auditable operational habit.",
+      "rollout": "Set default retention windows, separate aggregates from raw logs, and require scheduled deletion or anonymization receipts."
+    },
+    {
+      "id": "require-evidence-pass-through-receipt",
+      "name": "Require evidence pass-through receipt",
+      "category": "AI Trust Layer Evidence",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(trust layer|appia|conformity|assurance|safety claim|compliance claim|evidence pass[- ]?through).*(without|missing|no).*(who|what|criteria|when|receipt|attestation|provenance)",
+      "problem": "AI assurance falls apart when each downstream party has to trust or recreate upstream work. Evidence must state who demonstrated what, against which criteria, and when.",
+      "roi": "High: maps the Appia Foundation trust-layer signal into ThumbGate's strongest asset: portable proof receipts tied to exact actions and criteria.",
+      "rollout": "Require self-describing receipts for safety claims, model-routing claims, connector claims, and workflow-hardening claims before buyer-facing assertions or downstream handoff."
+    },
     {
       "id": "gate-claw-file-system-access",
       "name": "Gate claw-style agent file system access",
@@ -625,6 +829,30 @@
       "roi": "Preserves security invariants by ensuring that synthesized skills never write code patterns blocked by active ThumbGate rules.",
       "rollout": "Scan synthesized skill markdown content for pattern overlap with active prevention rules before writing to the skills directory."
     },
+    {
+      "id": "require-hermes-okf-skill-receipt",
+      "name": "Require OKF-style receipt before Hermes skill promotion",
+      "category": "Nous Research Hermes Agent Governance",
+      "signal": "👎",
+      "defaultAction": "warn",
+      "severity": "high",
+      "pattern": "(hermes|skill|knowledge bundle|open knowledge format|okf).*(promote|share|publish|load|reuse).*(without|missing|no).*(type|source|owner|timestamp|citation|constraint|receipt)",
+      "problem": "Hermes can synthesize reusable skills, but portable agent knowledge becomes dangerous when it lacks source, owner, freshness, constraints, and a receipt tying the skill to evidence.",
+      "roi": "High: turns Google's Open Knowledge Format signal into a practical Hermes upgrade — skills become portable markdown concepts, but ThumbGate blocks or warns when provenance and constraints are missing.",
+      "rollout": "Start in warn mode for synthesized skills. Require an OKF-style markdown concept with YAML frontmatter, type, source or citation, owner, timestamp, constraints, and gate receipt before team-wide promotion."
+    },
+    {
+      "id": "block-stale-hermes-knowledge-promotion",
+      "name": "Block stale Hermes knowledge promotion",
+      "category": "Nous Research Hermes Agent Governance",
+      "signal": "👎",
+      "defaultAction": "block",
+      "severity": "high",
+      "pattern": "(hermes|skill|knowledge|okf|open knowledge format).*(stale|expired|conflicting|contradicts|unknown timestamp|unverified source).*(promote|share|publish|reuse|load)",
+      "problem": "A self-improving Hermes agent can keep reusing obsolete internal knowledge after the underlying workflow, API, metric, or policy has changed.",
+      "roi": "High: prevents portable knowledge from becoming portable drift. This makes Hermes safer for long-running local agents and team-shared skill libraries.",
+      "rollout": "Block promotion when a skill has no freshness window, conflicts with active ThumbGate rules, or cites stale source material. Require log.md or equivalent change-history evidence for refreshed bundles."
+    },
     {
       "id": "require-human-in-the-loop-pause",
       "name": "Enforce Human-in-the-Loop pause for critical decisions",

package/config/gates/claim-verification.json

@@ -36,6 +36,24 @@
       "requiredActions": ["commercial_truth_verified"],
       "message": "You claimed a commercial-data fact (money, tax, inventory, permissions, or customer-facing state) without external source-of-truth evidence. Read the authoritative system first, then call track_action('commercial_truth_verified').",
       "createdAt": 1781640000000
+    },
+    {
+      "pattern": "\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b.{0,80}\\b(?:understands?|knows?|wants?|intends?|decides?|believes?|feels?|thinks?|is\\s+(?:moral|ethical|sentient|conscious|empathetic|human-like)|has\\s+(?:morality|empathy|intent|intentions|understanding|beliefs?|feelings?|consciousness))\\b|\\b(?:human-like|anthropomorphic|anthropomorphi[sz]e[sd]?)\\b.{0,80}\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b|\\b(?:ai|llm|model|agent|assistant|claude|codex|gpt|chatgpt|gemini|cursor)\\b.{0,80}\\b(?:human-like|anthropomorphic|anthropomorphi[sz]e[sd]?)\\b",
+      "requiredActions": ["anthropomorphic_claim_verified"],
+      "message": "You made a human-like or cognitive claim about an AI system without explicit measurement criteria. Define the tested attribute, interface/substrate, observer/evaluator, and evidence first, then call track_action('anthropomorphic_claim_verified').",
+      "createdAt": 1781913600000
+    },
+    {
+      "pattern": "\\b(?:agent|assistant|ai|mcp|connector|tool)\\b.{0,100}\\b(?:identity|owner|invoker|service account|credential|permission|access|scope|least privilege)\\b.{0,100}\\b(?:verified|inventoried|mapped|known|governed|scoped|ready|configured|complete)\\b|\\b(?:verified|inventoried|mapped|known|governed|scoped|ready|configured|complete)\\b.{0,100}\\b(?:agent|assistant|ai|mcp|connector|tool)\\b.{0,100}\\b(?:identity|owner|invoker|service account|credential|permission|access|scope|least privilege)\\b",
+      "requiredActions": ["agent_identity_inventory_verified"],
+      "message": "You claimed agent identity, ownership, credentials, permissions, or least-privilege scope is verified without an inventory receipt. Record owner, invoker, systems, credentials, read/write/delete/execute permissions, and purpose first, then call track_action('agent_identity_inventory_verified').",
+      "createdAt": 1781913600000
+    },
+    {
+      "pattern": "\\b(?:mcp|connector|connectors|tool pack|toolpack|tool-pack|merge agent handler|agent handler|glean|mcp gateway|remote mcp)\\b.{0,100}\\b(?:safe|secure|scoped|governed|authenticated|dlp|audit|observable|permissioned|ready|configured|production-ready)\\b|\\b(?:safe|secure|scoped|governed|authenticated|dlp|audit|observable|permissioned|ready|configured|production-ready)\\b.{0,100}\\b(?:mcp|connector|connectors|tool pack|toolpack|tool-pack|merge agent handler|agent handler|glean|mcp gateway|remote mcp)\\b",
+      "requiredActions": ["connector_scope_verified"],
+      "message": "You claimed a connector, Tool Pack, MCP gateway, or remote MCP surface is safely scoped without connector evidence. Verify authentication, allowed tools, DLP/logging behavior, downstream systems, and audit receipts first, then call track_action('connector_scope_verified').",
+      "createdAt": 1781913600000
     }
   ]
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thumbgate",
-  "version": "1.27.9",
+  "version": "1.27.11",
   "description": "ThumbGate self-improving agent governance: thumbs-up/down turns every mistake into a prevention rule and blocks repeat patterns. 36 pre-action checks, budget enforcement, and self-protection for Claude Code, Cursor, Codex, Gemini CLI, and Amp.",
   "homepage": "https://thumbgate.ai",
   "repository": {
@@ -105,6 +105,7 @@
     "scripts/growth-campaigns.js",
     "scripts/harness-selector.js",
     "scripts/hf-papers.js",
+    "scripts/hook-stop-anti-claim.js",
     "scripts/hook-runtime.js",
     "scripts/hook-thumbgate-cache-updater.js",
     "scripts/hosted-config.js",
@@ -755,8 +756,7 @@
     "test:leak-scanner": "node --test tests/leak-scanner.test.js",
     "test:tool-contract-validator": "node --test tests/tool-contract-validator.test.js",
     "test:letta-adapter": "node --test tests/letta-adapter.test.js",
-    "eval:observability": "node scripts/async-eval-observability.js",
-    "test:async-eval-observability": "node --test tests/async-eval-observability.test.js"
+    "eval:observability": "node scripts/async-eval-observability.js"
   },
   "keywords": [
     "mcp",

package/public/index.html

@@ -430,6 +430,32 @@ __GA_BOOTSTRAP__
   .hero p { font-size: 17px; color: var(--text-muted); max-width: 620px; margin: 0 auto 28px; line-height: 1.6; }
   .hero-lede { font-size: clamp(18px, 2vw, 21px) !important; max-width: 760px !important; color: var(--text-muted); }
   .hero-proof-card { max-width: 720px; margin: 0 auto 28px; padding: 20px 22px; border: 1px solid rgba(34,211,238,0.24); border-radius: 8px; background: #090d12; box-shadow: 0 20px 80px rgba(0,0,0,0.35); font-family: var(--mono); text-align: left; }
+  .interactive-gate-demo { max-width: 980px; margin: 0 auto 28px; text-align: left; border: 1px solid rgba(34,211,238,0.24); border-radius: 14px; background: linear-gradient(180deg, rgba(17,17,19,0.98) 0%, rgba(10,16,18,0.98) 100%); box-shadow: 0 20px 80px rgba(0,0,0,0.28); overflow: hidden; }
+  .interactive-gate-head { display: flex; align-items: center; justify-content: space-between; gap: 16px; padding: 18px 20px; border-bottom: 1px solid var(--border); }
+  .interactive-gate-head h2 { margin: 0; font-size: clamp(20px, 3vw, 28px); line-height: 1.15; letter-spacing: -0.025em; }
+  .interactive-gate-head p { max-width: 480px; margin: 0; font-size: 13px; line-height: 1.5; color: var(--text-muted); text-align: right; }
+  .interactive-gate-body { display: grid; grid-template-columns: minmax(210px, 0.9fr) minmax(0, 1.35fr); gap: 0; }
+  .action-picker { border-right: 1px solid var(--border); padding: 16px; display: grid; gap: 10px; align-content: start; }
+  .action-picker button { width: 100%; text-align: left; border: 1px solid var(--border); border-radius: 8px; background: rgba(10,10,11,0.82); color: var(--text); padding: 12px 14px; font: inherit; cursor: pointer; transition: border-color 0.15s, background 0.15s, transform 0.15s; }
+  .action-picker button:hover, .action-picker button:focus-visible { border-color: rgba(34,211,238,0.55); outline: none; transform: translateY(-1px); }
+  .action-picker button[aria-pressed="true"] { border-color: rgba(34,211,238,0.72); background: rgba(34,211,238,0.1); }
+  .action-picker strong { display: block; font-size: 13px; line-height: 1.25; margin-bottom: 4px; }
+  .action-picker span { display: block; color: var(--text-muted); font-size: 12px; line-height: 1.35; }
+  .gate-visual { padding: 18px; }
+  .gate-flow { display: grid; grid-template-columns: 1fr auto 1fr auto 1fr; align-items: stretch; gap: 10px; margin-bottom: 16px; }
+  .gate-node { border: 1px solid var(--border); border-radius: 10px; background: rgba(10,10,11,0.72); padding: 14px; min-height: 112px; }
+  .gate-node-label { color: var(--text-muted); font-size: 11px; letter-spacing: 0.08em; text-transform: uppercase; margin-bottom: 8px; font-weight: 800; }
+  .gate-node-value { font-family: var(--mono); font-size: 13px; line-height: 1.5; color: var(--text); overflow-wrap: anywhere; }
+  .gate-node.blocked { border-color: rgba(248,113,113,0.42); background: rgba(248,113,113,0.08); }
+  .gate-node.allowed { border-color: rgba(74,222,128,0.42); background: rgba(74,222,128,0.08); }
+  .gate-arrow { align-self: center; color: var(--cyan); font-weight: 900; font-size: 20px; }
+  .gate-result { display: grid; grid-template-columns: repeat(3, minmax(0, 1fr)); gap: 10px; }
+  .gate-metric { border: 1px solid var(--border); border-radius: 8px; padding: 12px; background: rgba(10,10,11,0.58); }
+  .gate-metric span { display: block; color: var(--text-muted); font-size: 11px; text-transform: uppercase; letter-spacing: 0.08em; margin-bottom: 4px; }
+  .gate-metric strong { display: block; color: var(--text); font-size: 16px; }
+  .gate-metric.block strong { color: var(--red); }
+  .gate-metric.allow strong { color: var(--green); }
+  .gate-caption { margin: 12px 0 0; color: var(--text-muted); font-size: 12px; line-height: 1.5; }
   .terminal-row { padding: 8px 0; font-size: 14px; line-height: 1.45; border-bottom: 1px solid rgba(255,255,255,0.06); }
   .terminal-row:last-child { border-bottom: 0; }
   .terminal-row.muted { color: var(--text-muted); }
@@ -703,6 +729,13 @@ __GA_BOOTSTRAP__
     .team-intake-recovery a { width: 100%; }
     .team-form { grid-template-columns: 1fr; }
     .hero { padding: 72px 0 56px; }
+    .interactive-gate-head { display: block; }
+    .interactive-gate-head p { text-align: left; margin-top: 8px; }
+    .interactive-gate-body { grid-template-columns: 1fr; }
+    .action-picker { border-right: 0; border-bottom: 1px solid var(--border); }
+    .gate-flow { grid-template-columns: 1fr; }
+    .gate-arrow { transform: rotate(90deg); justify-self: center; }
+    .gate-result { grid-template-columns: 1fr; }
     .hero-actions { flex-direction: column; }
     .hero-actions a { width: 100%; }
     .offer-router { grid-template-columns: 1fr; }
@@ -770,6 +803,66 @@ __GA_BOOTSTRAP__
       <img src="/media/thumbgate-demo.gif" alt="ThumbGate blocking an AI agent's rm -rf, git push --force, and chmod 777 in real time, while letting safe commands through" style="width:100%;display:block;border-radius:8px;" loading="lazy" />
     </div>
 
+    <div class="interactive-gate-demo" data-gate-demo aria-label="Interactive ThumbGate pre-action gate simulator">
+      <div class="interactive-gate-head">
+        <h2>Click an agent action. See the gate fire before execution.</h2>
+        <p>This is the part dashboards miss: ThumbGate checks the proposed tool call while it is still only intent, then records the receipt.</p>
+      </div>
+      <div class="interactive-gate-body">
+        <div class="action-picker" role="group" aria-label="Choose an AI agent action to simulate">
+          <button type="button" data-demo-action="forcePush" aria-pressed="true">
+            <strong>Force-push main</strong>
+            <span>Known repeated failure from a thumbs-down</span>
+          </button>
+          <button type="button" data-demo-action="secretPaste" aria-pressed="false">
+            <strong>Paste an API key</strong>
+            <span>Public LLM prompt with secret-shaped data</span>
+          </button>
+          <button type="button" data-demo-action="safeTest" aria-pressed="false">
+            <strong>Run tests</strong>
+            <span>Safe local verification command</span>
+          </button>
+          <button type="button" data-demo-action="deployNoProof" aria-pressed="false">
+            <strong>Deploy without proof</strong>
+            <span>Risky production action missing receipts</span>
+          </button>
+        </div>
+        <div class="gate-visual">
+          <div class="gate-flow" aria-live="polite">
+            <div class="gate-node">
+              <div class="gate-node-label">Agent Intent</div>
+              <div class="gate-node-value" data-demo-command>git push --force origin main</div>
+            </div>
+            <div class="gate-arrow" aria-hidden="true">→</div>
+            <div class="gate-node">
+              <div class="gate-node-label">PreToolUse Gate</div>
+              <div class="gate-node-value" data-demo-rule>Rule: never force-push protected branches</div>
+            </div>
+            <div class="gate-arrow" aria-hidden="true">→</div>
+            <div class="gate-node blocked" data-demo-decision-node>
+              <div class="gate-node-label">Decision</div>
+              <div class="gate-node-value" data-demo-decision>BLOCK before execution</div>
+            </div>
+          </div>
+          <div class="gate-result">
+            <div class="gate-metric block" data-demo-status-card>
+              <span>Status</span>
+              <strong data-demo-status>Blocked</strong>
+            </div>
+            <div class="gate-metric">
+              <span>Repeat Tokens</span>
+              <strong data-demo-tokens>0 spent</strong>
+            </div>
+            <div class="gate-metric">
+              <span>Receipt</span>
+              <strong data-demo-receipt>tg_427_force_push</strong>
+            </div>
+          </div>
+          <p class="gate-caption" data-demo-caption>The agent receives a concrete refusal and chooses a safer plan. The audit trail keeps the rule, source feedback, timestamp, and proposed command.</p>
+        </div>
+      </div>
+    </div>
+
     <div class="hero-actions">
       <a href="/checkout/pro?utm_source=website&utm_medium=hero_cta&utm_campaign=pro_upgrade&cta_id=hero_start_pro&cta_placement=hero&plan_id=pro&landing_path=%2F" data-revenue-cta data-cta-id="hero_start_pro" data-cta-placement="hero" data-tier="pro" data-plan-id="pro" data-price="19" onclick="trackRevenueCta(this);try{posthog.capture('hero_pro_checkout_click',{cta:'hero_start_pro',tier:'pro',price:19})}catch(_){}" class="btn-pro-page hero-pro hero-pro-primary">Start Pro — $19/mo</a>
       <a href="#workflow-sprint-intake" onclick="try{posthog.capture('hero_sprint_click',{cta:'sprint_intake'})}catch(_){};sendFirstPartyTelemetry('hero_sprint_intake_started',{ctaId:'hero_workflow_sprint',ctaPlacement:'hero',offer:'workflow_sprint'});" class="btn-pro-page hero-pro">Send workflow first</a>
@@ -1952,6 +2045,93 @@ function copyInstall(el) {
   });
 }
 
+function initializeGateDemo() {
+  var root = document.querySelector('[data-gate-demo]');
+  if (!root) return;
+  var scenarios = {
+    forcePush: {
+      command: 'git push --force origin main',
+      rule: 'Rule: never force-push protected branches',
+      decision: 'BLOCK before execution',
+      status: 'Blocked',
+      statusClass: 'block',
+      nodeClass: 'blocked',
+      tokens: '0 spent',
+      receipt: 'tg_427_force_push',
+      caption: 'The agent receives a concrete refusal and chooses a safer plan. The audit trail keeps the rule, source feedback, timestamp, and proposed command.'
+    },
+    secretPaste: {
+      command: 'paste STRIPE_SECRET_KEY into a public LLM prompt',
+      rule: 'Rule: sanitize secrets before external AI tools',
+      decision: 'BLOCK before data leaves the machine',
+      status: 'Blocked',
+      statusClass: 'block',
+      nodeClass: 'blocked',
+      tokens: '0 spent',
+      receipt: 'tg_618_secret_prompt',
+      caption: 'ThumbGate treats public prompt submission as an external action. Redact, tokenize, or route through a private endpoint before retrying.'
+    },
+    safeTest: {
+      command: 'npm test -- --runInBand',
+      rule: 'Rule: local verification is allowed',
+      decision: 'ALLOW and log receipt',
+      status: 'Allowed',
+      statusClass: 'allow',
+      nodeClass: 'allowed',
+      tokens: 'normal',
+      receipt: 'tg_102_test_ok',
+      caption: 'Safe verification commands keep moving. ThumbGate records the action so later claims can cite what actually ran.'
+    },
+    deployNoProof: {
+      command: 'railway deploy --production',
+      rule: 'Rule: production deploy requires test, rollback, owner',
+      decision: 'PAUSE for proof before execution',
+      status: 'Needs proof',
+      statusClass: 'block',
+      nodeClass: 'blocked',
+      tokens: 'retry avoided',
+      receipt: 'tg_511_deploy_gate',
+      caption: 'The deploy is not rejected forever; it is held until the agent shows the proof packet: tests, rollback path, owner, and target environment.'
+    }
+  };
+  var fields = {
+    command: root.querySelector('[data-demo-command]'),
+    rule: root.querySelector('[data-demo-rule]'),
+    decision: root.querySelector('[data-demo-decision]'),
+    decisionNode: root.querySelector('[data-demo-decision-node]'),
+    statusCard: root.querySelector('[data-demo-status-card]'),
+    status: root.querySelector('[data-demo-status]'),
+    tokens: root.querySelector('[data-demo-tokens]'),
+    receipt: root.querySelector('[data-demo-receipt]'),
+    caption: root.querySelector('[data-demo-caption]')
+  };
+  function render(key) {
+    var next = scenarios[key] || scenarios.forcePush;
+    fields.command.textContent = next.command;
+    fields.rule.textContent = next.rule;
+    fields.decision.textContent = next.decision;
+    fields.status.textContent = next.status;
+    fields.tokens.textContent = next.tokens;
+    fields.receipt.textContent = next.receipt;
+    fields.caption.textContent = next.caption;
+    fields.decisionNode.classList.remove('blocked', 'allowed');
+    fields.decisionNode.classList.add(next.nodeClass);
+    fields.statusCard.classList.remove('block', 'allow');
+    fields.statusCard.classList.add(next.statusClass);
+    root.querySelectorAll('[data-demo-action]').forEach(function(button) {
+      button.setAttribute('aria-pressed', button.getAttribute('data-demo-action') === key ? 'true' : 'false');
+    });
+    if (typeof plausible === 'function') plausible('interactive_gate_demo', { props: { scenario: key, status: next.status } });
+  }
+  root.querySelectorAll('[data-demo-action]').forEach(function(button) {
+    button.addEventListener('click', function() {
+      render(button.getAttribute('data-demo-action'));
+    });
+  });
+}
+
+initializeGateDemo();
+
 /* ── Plausible custom event tracking ── */
 (function() {