thumbgate 1.27.9 → 1.27.11

package/public/learn/agent-identity-connector-governance.html

@@ -0,0 +1,146 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Agent Identity and Connector Governance — ThumbGate</title>
+<meta name="description" content="How ThumbGate gates AI agent identities, MCP connectors, Tool Packs, service accounts, DLP, audit logs, and purpose-permission scope before agents act.">
+<link rel="canonical" href="https://thumbgate.ai/learn/agent-identity-connector-governance">
+<link rel="llm-context" href="/llm-context.md" type="text/markdown">
+<link rel="icon" type="image/png" href="/thumbgate-icon.png">
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta property="og:title" content="Agent Identity and Connector Governance">
+<meta property="og:description" content="Agents with connectors are identities. Gate owner, invoker, credentials, permissions, DLP, audit, and purpose before the next tool call.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/agent-identity-connector-governance">
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Agent Identity and Connector Governance",
+  "description": "A ThumbGate implementation pattern for treating AI agents and MCP connector tool packs as governed identities with owner, purpose, credentials, permissions, DLP, and audit evidence.",
+  "datePublished": "2026-06-20",
+  "dateModified": "2026-06-20",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "url": "https://thumbgate.ai/learn/agent-identity-connector-governance",
+  "about": [
+    "AI agent identity",
+    "MCP connector governance",
+    "least privilege",
+    "agent audit trails"
+  ]
+}
+</script>
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "Is Glean a ThumbGate competitor?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Glean is adjacent, not a direct replacement. Glean is a Work AI platform with enterprise search, agents, connectors, governance, orchestration, and an MCP gateway. ThumbGate is a local-first pre-action enforcement layer for agent tool calls, repeated-failure memory, and proof gates across developer and MCP workflows."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "How does Merge Agent Handler relate to ThumbGate?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Merge Agent Handler provides production-ready MCP connectors, authentication, scoped access, DLP, observability, and audit logs. ThumbGate complements it by gating whether the next tool call or connector addition matches the agent's owner, purpose, identity, and scope."
+      }
+    }
+  ]
+}
+</script>
+<style>
+  *, *::before, *::after { box-sizing: border-box; }
+  body { margin: 0; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif; background: #0a0a0b; color: #ececf0; line-height: 1.65; }
+  nav { display: flex; gap: 22px; align-items: center; padding: 16px 28px; border-bottom: 1px solid #242428; }
+  nav a { color: #a7a7b1; text-decoration: none; font-size: 0.95rem; }
+  nav a:hover { color: #22d3ee; }
+  .brand { color: #fff; font-weight: 700; display: inline-flex; gap: 8px; align-items: center; }
+  .brand img { width: 28px; height: 28px; }
+  main { max-width: 900px; margin: 0 auto; padding: 48px 22px 72px; }
+  h1 { font-size: clamp(2rem, 5vw, 3.55rem); line-height: 1.06; margin: 0 0 18px; max-width: 800px; }
+  h2 { color: #22d3ee; font-size: 1.45rem; margin: 42px 0 14px; }
+  p { margin: 0 0 16px; color: #d6d6de; }
+  a { color: #67e8f9; }
+  .lede { color: #a7a7b1; font-size: 1.15rem; max-width: 760px; }
+  .callout, .card { border: 1px solid #303039; background: #151518; border-radius: 8px; padding: 22px; }
+  .grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 18px; margin: 24px 0; }
+  .card { background: #111114; padding: 18px; }
+  .card strong { display: block; color: #fff; margin-bottom: 8px; }
+  code, pre { font-family: "SF Mono", "Cascadia Code", "JetBrains Mono", Consolas, monospace; }
+  pre { overflow-x: auto; background: #050506; border: 1px solid #25252a; border-radius: 8px; padding: 18px; color: #d7f9ff; }
+  .source-note { color: #8f8f99; font-size: 0.92rem; }
+  .cta { display: inline-block; margin-top: 16px; padding: 11px 18px; border-radius: 8px; background: #22d3ee; color: #031114; text-decoration: none; font-weight: 700; }
+  @media (max-width: 720px) { nav { padding: 14px 18px; gap: 14px; flex-wrap: wrap; } main { padding-top: 32px; } .grid { grid-template-columns: 1fr; } }
+</style>
+</head>
+<body>
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" width="28" height="28">ThumbGate</a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/compare/databricks-unity-ai-gateway">Runtime governance</a>
+</nav>
+<main>
+  <h1>Agents with connectors are identities</h1>
+  <p class="lede">Once an AI agent can authenticate to GitHub, Jira, Slack, Salesforce, Snowflake, cloud, databases, or remote MCP tool packs, it is no longer just a chatbot. It is an actor with credentials, permissions, owners, purpose, and drift.</p>
+
+  <div class="callout">
+    <p><strong>The high-ROI lesson:</strong> treat every agent as an identity and every connector bundle as a scoped permission set. ThumbGate gates the moment before the next action: is this tool call inside the agent's declared purpose, identity, and connector scope?</p>
+    <p class="source-note">Source signals: BleepingComputer/Token Security argued on June 19, 2026 that AI agents are becoming first-class identities; Merge Agent Handler positions production MCP connectors with authentication, scoped access, DLP, observability, and audit logs; Glean positions Work AI with agents, governance, orchestration, connectors, and MCP Gateway; Okta's AI identity checklist frames secure-by-design agent patterns around token vaulting, fine-grained authorization, human-in-the-loop oversight, shadow AI discovery, registration, and lifecycle management.</p>
+  </div>
+
+  <h2>What ThumbGate now gates</h2>
+  <div class="grid">
+    <div class="card"><strong>Identity inventory</strong> Owner, invoker, credential or service account, connected systems, and allowed verbs.</div>
+    <div class="card"><strong>Purpose-permission match</strong> A sales prep agent should not delete database tables or create privileged users.</div>
+    <div class="card"><strong>Connector Tool Pack scope</strong> Remote MCP and connector bundles need allowed tools, auth identity, DLP, audit, and downstream-system evidence.</div>
+    <div class="card"><strong>Review freshness</strong> Agent access changes over time; stale point-in-time reviews are treated as drift signals.</div>
+    <div class="card"><strong>Shadow agent registration</strong> Unregistered agents and imported MCP servers are blocked before privileged tool calls.</div>
+    <div class="card"><strong>Vaulted tokens</strong> Raw connector credentials, plaintext API keys, and unvaulted service tokens require explicit exception evidence.</div>
+  </div>
+
+  <h2>The proof actions</h2>
+  <p>Before a high-trust claim is accepted, ThumbGate can require tracked evidence:</p>
+  <pre><code>track_action("agent_identity_inventory_verified", {
+  owner: "workflow owner",
+  invoker: "who can run the agent",
+  credential: "service account or connector identity",
+  systems: ["GitHub", "Jira", "Slack"],
+  verbs: ["read", "write"],
+  purpose: "triage engineering tickets"
+})
+
+track_action("connector_scope_verified", {
+  platform: "Merge Agent Handler or Glean MCP Gateway",
+  allowedTools: ["create_ticket", "read_issue"],
+  dlp: "enabled",
+  audit: "tool-call logs verified",
+  downstreamSystems: ["Jira"]
+})</code></pre>
+
+  <h2>Is Glean a competitor?</h2>
+  <p>Glean is adjacent and upstream. It is a Work AI platform: enterprise search, assistant, agents, orchestration, connectors, security, and MCP Gateway. It competes for enterprise AI budget, but it does not replace ThumbGate's local-first feedback-to-enforcement loop for Claude Code, Cursor, Codex, Gemini CLI, MCP tools, and developer-machine actions.</p>
+  <p>The wedge is complementary: Glean and Merge help agents reach more enterprise systems. ThumbGate makes each new action boundary safer by checking purpose, identity, connector scope, and prior failures before execution.</p>
+
+  <h2>Buyer message</h2>
+  <p>If your agent can authenticate, it has an identity. If it can call tools, it has a blast radius. ThumbGate gives the operator a pre-action gate for that blast radius.</p>
+  <p><a class="cta" href="/guide">Install ThumbGate locally</a></p>
+</main>
+</body>
+</html>

package/public/learn/anthropomorphic-claim-gates.html

@@ -0,0 +1,180 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Anthropomorphic Claim Gates for AI Agents — ThumbGate</title>
+<meta name="description" content="How ThumbGate turns AI anthropomorphism research into a pre-action claim gate: do not let agents claim models understand, know, decide, or act human-like without measurement criteria and evidence.">
+<link rel="canonical" href="https://thumbgate.ai/learn/anthropomorphic-claim-gates">
+<link rel="llm-context" href="/llm-context.md" type="text/markdown">
+<link rel="icon" type="image/png" href="/thumbgate-icon.png">
+<script defer data-domain="thumbgate.ai" src="https://plausible.io/js/script.js"></script>
+<meta property="og:title" content="Anthropomorphic Claim Gates for AI Agents">
+<meta property="og:description" content="Stop agents from smuggling human-like claims into production decisions without explicit measurement criteria and evidence.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate.ai/learn/anthropomorphic-claim-gates">
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "Anthropomorphic Claim Gates for AI Agents",
+  "description": "A ThumbGate implementation pattern for blocking unsupported human-like or cognitive claims about AI systems until explicit measurement criteria and evidence are attached.",
+  "datePublished": "2026-06-20",
+  "dateModified": "2026-06-20",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate.ai"
+  },
+  "about": [
+    "AI agent governance",
+    "claim verification",
+    "anthropomorphism",
+    "pre-action gates"
+  ],
+  "url": "https://thumbgate.ai/learn/anthropomorphic-claim-gates"
+}
+</script>
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "What is an anthropomorphic claim gate?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "It is a pre-action check that blocks claims such as an AI agent understands, knows, decides, wants, or behaves human-like until the operator records explicit measurement criteria and evidence."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Why does this matter for AI agent governance?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Unsupported cognitive claims can make teams over-trust an agent. ThumbGate turns those claims into verifiable gates before they influence production actions, audits, or buyer promises."
+      }
+    }
+  ]
+}
+</script>
+<style>
+  *, *::before, *::after { box-sizing: border-box; }
+  body {
+    margin: 0;
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+    background: #0a0a0b;
+    color: #ececf0;
+    line-height: 1.65;
+  }
+  nav {
+    display: flex;
+    gap: 22px;
+    align-items: center;
+    padding: 16px 28px;
+    border-bottom: 1px solid #242428;
+  }
+  nav a { color: #a7a7b1; text-decoration: none; font-size: 0.95rem; }
+  nav a:hover { color: #22d3ee; }
+  .brand { color: #fff; font-weight: 700; display: inline-flex; gap: 8px; align-items: center; }
+  .brand img { width: 28px; height: 28px; }
+  main { max-width: 860px; margin: 0 auto; padding: 48px 22px 72px; }
+  h1 { font-size: clamp(2rem, 5vw, 3.6rem); line-height: 1.05; margin: 0 0 18px; max-width: 760px; }
+  h2 { color: #22d3ee; font-size: 1.45rem; margin: 42px 0 14px; }
+  p { margin: 0 0 16px; color: #d6d6de; }
+  a { color: #67e8f9; }
+  .lede { color: #a7a7b1; font-size: 1.15rem; max-width: 720px; }
+  .callout {
+    margin: 30px 0;
+    border: 1px solid #303039;
+    background: #151518;
+    border-radius: 8px;
+    padding: 22px;
+  }
+  .grid { display: grid; grid-template-columns: repeat(2, minmax(0, 1fr)); gap: 18px; margin: 24px 0; }
+  .card {
+    border: 1px solid #26262c;
+    background: #111114;
+    border-radius: 8px;
+    padding: 18px;
+  }
+  .card strong { display: block; margin-bottom: 8px; color: #fff; }
+  code, pre {
+    font-family: "SF Mono", "Cascadia Code", "JetBrains Mono", Consolas, monospace;
+  }
+  pre {
+    overflow-x: auto;
+    background: #050506;
+    border: 1px solid #25252a;
+    border-radius: 8px;
+    padding: 18px;
+    color: #d7f9ff;
+  }
+  .source-note { color: #8f8f99; font-size: 0.92rem; }
+  .cta {
+    display: inline-block;
+    margin-top: 16px;
+    padding: 11px 18px;
+    border-radius: 8px;
+    background: #22d3ee;
+    color: #031114;
+    text-decoration: none;
+    font-weight: 700;
+  }
+  @media (max-width: 720px) {
+    nav { padding: 14px 18px; gap: 14px; flex-wrap: wrap; }
+    main { padding-top: 32px; }
+    .grid { grid-template-columns: 1fr; }
+  }
+</style>
+</head>
+<body>
+<nav>
+  <a href="/" class="brand"><img src="/assets/brand/thumbgate-mark-inline.svg" alt="ThumbGate" width="28" height="28">ThumbGate</a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/compare/databricks-unity-ai-gateway">Databricks comparison</a>
+</nav>
+<main>
+  <h1>Anthropomorphic claim gates for AI agents</h1>
+  <p class="lede">A model may produce useful work. That does not mean it understands, knows, decides, wants, or behaves human-like. ThumbGate now treats those phrases as claims that need measurement criteria before they can influence a production decision.</p>
+
+  <div class="callout">
+    <p><strong>The high-ROI lesson:</strong> stop debating whether the agent is smart. Gate the claim. If an operator or agent says an AI system has a human-like attribute, require a tested attribute, interface/substrate context, evaluator, and evidence before accepting the statement.</p>
+    <p class="source-note">Research anchor: Adrian de Wynter's arXiv paper, <a href="https://arxiv.org/abs/2605.31514" rel="noopener">If LLMs Have Human-Like Attributes, Then So Does Age of Empires II</a>. A public X post by Rohan Paul surfaced the paper as a reminder to avoid treating LLMs as human-like without clear tests and narrower claims.</p>
+  </div>
+
+  <h2>What changes in ThumbGate</h2>
+  <p>ThumbGate's default claim-verification config now includes an anthropomorphic AI claim gate. It catches unsupported statements like:</p>
+  <div class="grid">
+    <div class="card"><strong>Blocked without evidence</strong> "The agent understands the user's intent."</div>
+    <div class="card"><strong>Blocked without evidence</strong> "The model decided this was safe."</div>
+    <div class="card"><strong>Blocked without evidence</strong> "This assistant is human-like on workflow judgment."</div>
+    <div class="card"><strong>Accepted after proof</strong> "The model matched human annotators on this narrow benchmark, with criteria and evaluator recorded."</div>
+  </div>
+
+  <h2>The rule shape</h2>
+  <p>The gate does not ban research or careful measurement. It blocks vague cognitive language until a proof action is recorded.</p>
+  <pre><code>track_action("anthropomorphic_claim_verified", {
+  criteria: "attribute under test",
+  interface: "where and how the model was evaluated",
+  evaluator: "script, benchmark, reviewer, or study",
+  evidence: "report, paper, trace, or benchmark output"
+})</code></pre>
+
+  <h2>Why buyers care</h2>
+  <p>Unsupported human-like claims create audit risk. They make it easy for a team to over-trust a chatbot, agent, or orchestration layer and then explain a bad outcome with vibes instead of evidence.</p>
+  <p>For regulated, enterprise, and customer-facing workflows, this is a governance gap. ThumbGate turns the gap into a small deterministic check before the next claim is accepted.</p>
+
+  <h2>Where this fits</h2>
+  <p>Enterprise AI gateways can govern models, traffic, credentials, spend, and observability. ThumbGate handles the local pre-action surface: the moment an agent tries to claim something, execute a tool, publish a result, or tell the operator the work is safe.</p>
+  <p><a class="cta" href="/guide">Install ThumbGate locally</a></p>
+</main>
+</body>
+</html>

package/public/learn.html

@@ -115,6 +115,18 @@
       {
         "@type": "ListItem",
         "position": 13,
+        "url": "https://thumbgate.ai/learn/anthropomorphic-claim-gates",
+        "name": "Anthropomorphic Claim Gates for AI Agents"
+      },
+      {
+        "@type": "ListItem",
+        "position": 14,
+        "url": "https://thumbgate.ai/learn/agent-identity-connector-governance",
+        "name": "Agent Identity and Connector Governance"
+      },
+      {
+        "@type": "ListItem",
+        "position": 15,
         "url": "https://thumbgate.ai/learn/pretix-stripe-connect-marketplaces",
         "name": "Building a Pretix + Stripe Connect Plugin for Live-Music Venues"
       },
@@ -409,6 +421,22 @@
       <span class="article-tag">Cost Control</span>
     </a>
 
+    <a href="/learn/anthropomorphic-claim-gates" class="article-card">
+      <h3>Anthropomorphic Claim Gates for AI Agents</h3>
+      <p>Do not let an agent say a model understands, knows, decides, or behaves human-like unless it can show the measurement criteria and evidence behind that claim.</p>
+      <span class="article-tag">Claim Verification</span>
+      <span class="article-tag">Research</span>
+      <span class="article-tag">Proof Gates</span>
+    </a>
+
+    <a href="/learn/agent-identity-connector-governance" class="article-card">
+      <h3>Agent Identity and Connector Governance</h3>
+      <p>Agents connected to Merge, Glean, MCP gateways, and enterprise apps are identities. Gate owner, credential, connector scope, DLP, audit, and purpose before they act.</p>
+      <span class="article-tag">Agent Identity</span>
+      <span class="article-tag">MCP Connectors</span>
+      <span class="article-tag">Least Privilege</span>
+    </a>
+
     <a href="/learn/from-prototype-to-production" class="article-card">
       <h3>From git init to v1.17.0 in 70 days: an honest ThumbGate build log</h3>
       <p>70 days, 112 commits, 17 minor releases, 6k npm downloads, $0 cold-traffic revenue. The unedited story of taking ThumbGate from a one-line repo init to live production — including the part that's still broken.</p>

package/scripts/gate-stats.js

@@ -11,6 +11,11 @@ const PROJECT_ROOT = path.join(__dirname, '..');
 const MANUAL_GATES_PATH = path.join(PROJECT_ROOT, 'config', 'gates', 'default.json');
 const STATS_PATH = path.join(process.env.HOME || '/tmp', '.thumbgate', 'gate-stats.json');
 
+function safeOccurrenceCount(value) {
+  const n = Number(value);
+  return Number.isFinite(n) && n > 0 ? n : 0;
+}
+
 function loadGatesFile(filePath) {
   if (!fs.existsSync(filePath)) return [];
   try {
@@ -39,16 +44,16 @@ function calculateStats() {
   // Count total blocks/warns from occurrences in auto-promoted gates
   const totalBlocked = autoGates
     .filter((g) => g.action === 'block')
-    .reduce((sum, g) => sum + (g.occurrences || 0), 0);
+    .reduce((sum, g) => sum + safeOccurrenceCount(g.occurrences), 0);
   const totalWarned = autoGates
     .filter((g) => g.action === 'warn')
-    .reduce((sum, g) => sum + (g.occurrences || 0), 0);
+    .reduce((sum, g) => sum + safeOccurrenceCount(g.occurrences), 0);
 
   // Top blocked gate. A configured block rule with zero occurrences is not a
   // "top blocker"; only recorded block events should appear here.
   const topBlocked = [...allGates]
-    .filter((g) => g.action === 'block' && Number(g.occurrences || 0) > 0)
-    .sort((a, b) => (b.occurrences || 0) - (a.occurrences || 0))
+    .filter((g) => g.action === 'block' && safeOccurrenceCount(g.occurrences) > 0)
+    .sort((a, b) => safeOccurrenceCount(b.occurrences) - safeOccurrenceCount(a.occurrences))
     .at(0) || null;
 
   // Last promotion event
@@ -105,7 +110,7 @@ function computeCalibration(gates) {
   const calibration = [];
   for (const gate of gates || []) {
     if (!gate || !gate.id) continue;
-    const occurrences = Number(gate.occurrences || 0);
+    const occurrences = safeOccurrenceCount(gate.occurrences);
     const action = gate.action || 'unknown';
     // Only annotate gates with recorded occurrence data
     if (occurrences === 0) continue;
@@ -258,6 +263,7 @@ module.exports = {
   loadGatesFile,
   tryComputeBayesErrorRate,
   computeCalibration,
+  safeOccurrenceCount,
   MANUAL_GATES_PATH,
   STATS_PATH,
 };