thumbgate 1.3.0 → 1.4.0

package/plugins/claude-codex-bridge/.mcp.json

@@ -5,7 +5,7 @@
       "args": [
         "--yes",
         "--package",
-        "thumbgate@1.3.0",
+        "thumbgate@1.4.0",
         "thumbgate",
         "serve"
       ]

package/plugins/claude-codex-bridge/scripts/codex-bridge.js

@@ -3,6 +3,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const { spawnSync } = require('node:child_process');
+const { ensureDir } = require('../../../scripts/fs-utils');
 
 function getPluginRoot() {
   return process.env.CLAUDE_PLUGIN_ROOT || path.resolve(__dirname, '..');
@@ -20,9 +21,6 @@ function getCodexBin() {
   return process.env.THUMBGATE_CODEX_BIN || 'codex';
 }
 
-function ensureDir(dirPath) {
-  fs.mkdirSync(dirPath, { recursive: true });
-}
 
 function readJson(filePath) {
   return JSON.parse(fs.readFileSync(filePath, 'utf8'));

package/plugins/codex-profile/.codex-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "codex-profile",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "description": "ThumbGate for Codex: pre-action gates, skill packs, hallucination detection, PII scanning, progressive disclosure (82% token savings), and MCP-backed reliability memory.",
   "author": {
     "name": "Igor Ganapolsky",

package/plugins/codex-profile/.mcp.json

@@ -5,7 +5,7 @@
       "args": [
         "--yes",
         "--package",
-        "thumbgate@1.3.0",
+        "thumbgate@1.4.0",
         "thumbgate",
         "serve"
       ]

package/plugins/codex-profile/INSTALL.md

@@ -1,6 +1,29 @@
 # ThumbGate for Codex
 
-ThumbGate now ships a repo-local Codex app plugin surface plus the version-pinned MCP profile. Use the plugin files when you want a distributable Codex artifact, or copy the TOML block for a manual install.
+ThumbGate now ships a standalone Codex plugin bundle, a repo-local Codex app plugin surface, and the version-pinned MCP profile.
+
+## Option 1: Use the standalone release bundle
+
+Download the latest bundle:
+
+- `https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip`
+
+Or build it from source:
+
+```bash
+npm run build:codex-plugin
+```
+
+After extracting `thumbgate-codex-plugin.zip`, the folder already contains:
+
+- `.codex-plugin/plugin.json`
+- `.mcp.json`
+- `.agents/plugins/marketplace.json`
+- `config.toml`
+
+The bundled marketplace catalog points at `./`, so the extracted directory is a self-contained plugin root instead of a repo-relative stub.
+
+## Option 2: Use the repo-local plugin files
 
 ## Shipped plugin files
 
@@ -9,7 +32,7 @@ ThumbGate now ships a repo-local Codex app plugin surface plus the version-pinne
 - Codex marketplace entry: `.agents/plugins/marketplace.json`
 - Manual install profile: `adapters/codex/config.toml`
 
-## One-Command Install
+## Option 3: Manual MCP install
 
 Add the MCP server block to your Codex config:
 
@@ -31,7 +54,7 @@ The following block is appended to `~/.codex/config.toml`:
 ```toml
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
+args = ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "serve"]
 ```
 
 The repo-local Codex app plugin ships the same runtime path through `plugins/codex-profile/.mcp.json`, so the manual config and plugin metadata stay aligned.
@@ -59,7 +82,7 @@ Then restart Codex. The `thumbgate` MCP server will appear in the tool list.
 
 - Codex with MCP support
 - Node.js 18+ in PATH
-- Config file at `~/.codex/config.toml`
+- Config file at `~/.codex/config.toml` when using the manual MCP install path
 
 ## Uninstall
 

package/plugins/codex-profile/README.md

@@ -1,12 +1,14 @@
 # ThumbGate for Codex
 
-This directory is the repo-local Codex app plugin surface for ThumbGate.
+ThumbGate now ships a standalone Codex plugin bundle in GitHub Releases, alongside the repo-local Codex profile in this repository.
 
-It packages the same ThumbGate runtime you already use elsewhere:
+## Release surfaces
 
-- `plugins/codex-profile/.codex-plugin/plugin.json` for Codex plugin metadata
-- `plugins/codex-profile/.mcp.json` for the MCP server launcher
-- `adapters/codex/config.toml` for the version-pinned manual install path
+- Latest standalone bundle: `https://github.com/IgorGanapolsky/ThumbGate/releases/latest/download/thumbgate-codex-plugin.zip`
+- Versioned bundle pattern: `https://github.com/IgorGanapolsky/ThumbGate/releases/download/v<VERSION>/thumbgate-codex-plugin-v<VERSION>.zip`
+- Source plugin manifest: `plugins/codex-profile/.codex-plugin/plugin.json`
+- Source MCP config: `plugins/codex-profile/.mcp.json`
+- Manual install profile: `adapters/codex/config.toml`
 
 ## What it does
 
@@ -14,11 +16,25 @@ It packages the same ThumbGate runtime you already use elsewhere:
 - captures thumbs-up/down feedback that survives session boundaries
 - reuses the same local-first MCP runtime as Claude, Cursor, Gemini, Amp, and OpenCode
 
+## What's inside the standalone bundle
+
+- `.codex-plugin/plugin.json`
+- `.mcp.json`
+- `.agents/plugins/marketplace.json`
+- `config.toml`
+- `README.md`, `INSTALL.md`, and `AGENTS.md`
+
+The bundled marketplace catalog rewrites the plugin path to `./`, so the extracted folder can act as a self-contained plugin root instead of depending on this repository layout.
+
 ## Install paths
 
-### Codex app plugin
+### Standalone Codex plugin bundle
+
+Download the latest `thumbgate-codex-plugin.zip`, unzip it, and point Codex at the extracted `thumbgate-codex-plugin/` directory when you want a standalone plugin release surface.
+
+### Repo-local Codex app plugin
 
-Use the repo-local Codex plugin metadata and MCP config in this folder when Codex is loading plugin surfaces from the repository.
+Use the plugin metadata and MCP config in this folder when Codex is loading plugin surfaces directly from the repository.
 
 ### Manual install
 
@@ -29,9 +45,17 @@ That profile launches:
 ```toml
 [mcp_servers.thumbgate]
 command = "npx"
-args = ["--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"]
+args = ["--yes", "--package", "thumbgate@1.4.0", "thumbgate", "serve"]
+```
+
+### Build from source
+
+Build the same standalone release bundle locally with:
+
+```bash
+npm run build:codex-plugin
 ```
 
 ## Why this exists
 
-The Codex support story is no longer just "copy this config block." This folder is the shipped Codex plugin artifact for ThumbGate, so the repo can truthfully claim a Codex app plugin surface alongside the Claude Desktop bundle and Cursor plugin.
+The Codex support story is no longer just "copy this config block." ThumbGate now has a direct-download Codex plugin bundle, a repo-local plugin surface, and a pinned manual MCP profile so release assets, install docs, and the runtime stay aligned.

package/plugins/cursor-marketplace/.cursor-plugin/plugin.json

@@ -2,7 +2,7 @@
   "name": "thumbgate",
   "displayName": "ThumbGate",
   "description": "👍👎 Thumbs down a mistake — your AI agent won't repeat it. Thumbs up good work — it remembers the pattern.",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "author": {
     "name": "Igor Ganapolsky"
   },

package/plugins/opencode-profile/INSTALL.md

@@ -25,7 +25,7 @@ The portable profile adds this MCP server entry:
   "mcp": {
     "thumbgate": {
       "type": "local",
-      "command": ["npx", "--yes", "--package", "thumbgate@1.3.0", "thumbgate", "serve"],
+      "command": ["npx", "--yes", "--package", "thumbgate@1.4.0", "thumbgate", "serve"],
       "enabled": true
     }
   }

package/public/blog.html

@@ -34,6 +34,12 @@
         "url": "https://thumbgate-production.up.railway.app/blog",
         "publisher": { "@type": "Organization", "name": "Max Smith KDP LLC" },
         "blogPost": [
+          {
+            "@type": "BlogPosting",
+            "headline": "Your AI agent is a supply chain attack surface. Here's how to gate it.",
+            "datePublished": "2026-04-10",
+            "keywords": "AI agent security, supply chain attack, pre-action gates, agent governance, ThumbGate"
+          },
           {
             "@type": "BlogPosting",
             "headline": "The Claude Code Leak Proves Why Pre-Action Gates Matter",
@@ -166,6 +172,73 @@
     </header>
 
     <div class="container">
+      <article class="post">
+        <div class="post-date">April 10, 2026</div>
+        <h2>Your AI agent is a supply chain attack surface. Here's how to gate it.</h2>
+
+        <p>
+          Your AI coding agent runs shell commands. It installs packages. It
+          modifies files, pushes commits, and calls external APIs &mdash; all
+          without requiring you to type a single character. That's the pitch.
+          That's also the attack surface.
+        </p>
+
+        <h3>The gap is pre-action enforcement</h3>
+        <p>
+          Static analysis catches known-bad patterns in code you've already
+          written. Dependency scanners audit lock files <em>after</em> packages
+          are installed. By the time your scanner flags a problem, the agent
+          already ran the command.
+        </p>
+        <p>
+          These tools operate on the <em>output</em> of agent actions. You need
+          something that operates on the <em>input</em> &mdash; before execution.
+        </p>
+
+        <h3>Pre-Action Gates via PreToolUse hooks</h3>
+        <p>
+          ThumbGate implements pre-action gates via <code>PreToolUse</code> hooks
+          &mdash; interception points that run before every tool invocation. No
+          action reaches execution without passing through the gate. Not Bash
+          commands, not file edits, not web fetches.
+        </p>
+        <p>
+          What makes this more than a static blocklist is the
+          <strong>feedback-to-enforcement pipeline</strong>. When something goes
+          wrong, you record a thumbs-down with context. That failure feeds a
+          promotion engine. One failure becomes a warning. Three confirmed
+          failures of the same pattern become a hard block.
+        </p>
+
+        <h3>Real examples</h3>
+        <ul>
+          <li>
+            <strong>Force-push to main</strong> &mdash; Gate fires, push never
+            happens. Agent is redirected to create a branch and open a PR.
+          </li>
+          <li>
+            <strong>Unknown dependency install</strong> &mdash; Flagged for human
+            review. Agent pauses until you approve.
+          </li>
+          <li>
+            <strong>Destructive shell command</strong> &mdash; Blocked by a
+            prevention rule learned from a prior incident.
+          </li>
+        </ul>
+
+        <h3>Five-minute setup</h3>
+        <p>
+          <code>npx thumbgate init</code> installs the PreToolUse hook and
+          generates a starter gate config. Gates are just JSON &mdash; commit
+          them, review them, share them across your team.
+        </p>
+        <p>
+          <strong>Human judgment leads. AI supports. ThumbGate enforces it.</strong>
+        </p>
+
+        <a class="cta" href="/guide">Full setup guide &rarr;</a>
+      </article>
+
       <article class="post">
         <div class="post-date">April 1, 2026</div>
         <h2>Dual-Signal Feedback: Why "What Failed" Isn't Enough</h2>

package/public/compare/mem0.html

@@ -0,0 +1,189 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ThumbGate vs Mem0 | Enforcement vs Memory for AI Agents</title>
+<script defer data-domain="thumbgate-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="Mem0 is memory. ThumbGate is memory plus enforcement. It captures thumbs-up/down feedback, promotes the signal into rules, and blocks repeat failures with pre-action gates.">
+<meta name="keywords" content="ThumbGate vs Mem0, Mem0 alternative, AI agent memory enforcement, pre-action gates, feedback loop, AI coding agent guardrails">
+<meta property="og:title" content="ThumbGate vs Mem0">
+<meta property="og:description" content="Mem0 is memory. ThumbGate is memory plus enforcement. It captures thumbs-up/down feedback, promotes the signal into rules, and blocks repeat failures with pre-action gates.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate-production.up.railway.app/compare/mem0">
+<link rel="canonical" href="https://thumbgate-production.up.railway.app/compare/mem0">
+<link rel="llm-context" href="/public/llm-context.md" type="text/markdown">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "ThumbGate vs Mem0 — Enforcement vs Memory for AI Agents",
+  "description": "Mem0 is memory. ThumbGate is memory plus enforcement. It captures thumbs-up/down feedback, promotes the signal into rules, and blocks repeat failures with pre-action gates.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate-production.up.railway.app"
+  },
+  "datePublished": "2026-04-09",
+  "dateModified": "2026-04-09",
+  "mainEntityOfPage": "https://thumbgate-production.up.railway.app/compare/mem0",
+  "about": [
+    {"@type": "Thing", "name": "ThumbGate vs Mem0"},
+    {"@type": "Thing", "name": "AI agent memory enforcement"},
+    {"@type": "Thing", "name": "pre-action gates"}
+  ]
+}
+</script>
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "Does ThumbGate still include memory?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Yes. ThumbGate keeps local-first memory, ContextFS packs, lesson search, and recall, but adds pre-action enforcement when memory alone is insufficient."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Why compare Mem0 at all?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Because buyers often start with memory tooling and only later realize they also need enforcement. This page makes that upgrade path explicit."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Is Mem0 bad?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. Mem0 is useful when you mainly need retrieval and cross-session context. ThumbGate is useful when retrieval alone is not enough and the system has to stop the same mistake before execution."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Can I migrate from Mem0 to ThumbGate?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "ThumbGate does not require migrating away from Mem0. You can add ThumbGate as the enforcement layer while keeping any existing memory system for retrieval."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Does ThumbGate require a cloud account?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. ThumbGate is local-first with SQLite+FTS5 storage. No cloud account, no API keys needed to capture feedback and enforce pre-action gates."
+      }
+    }
+  ]
+}
+</script>
+
+<link rel="stylesheet" href="/learn/learn.css">
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand">ThumbGate</a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / <a href="/compare/mem0">Compare</a> / ThumbGate vs Mem0</div>
+  <h1>ThumbGate vs Mem0</h1>
+  <p style="color:var(--muted);">3 min read &middot; Bottom-of-funnel comparison for buyers choosing between memory and enforcement</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> Mem0 is memory. ThumbGate is memory plus enforcement. It captures thumbs-up/down feedback, promotes the signal into rules, and blocks repeat failures with pre-action gates.</div>
+
+  <h2>Where Mem0 fits</h2>
+  <p>Mem0 is designed as a cloud memory layer. It helps the model remember context and past interactions, but memory alone does not guarantee that the next action is safe.</p>
+
+  <h2>Where ThumbGate fits</h2>
+  <p>ThumbGate begins with the same need to remember, but it goes further. A thumbs down can become a prevention rule, and that rule can become a pre-action gate that blocks a repeated tool call.</p>
+  <ul>
+    <li>Thumbs up reinforces good behavior.</li>
+    <li>Thumbs down blocks repeated mistakes.</li>
+    <li>Verification evidence and automation reports back up the reliability claim.</li>
+  </ul>
+
+  <table style="width:100%;border-collapse:collapse;margin:1.5rem 0;">
+    <thead>
+      <tr style="border-bottom:2px solid var(--border, #333);">
+        <th style="text-align:left;padding:8px;">Capability</th>
+        <th style="text-align:center;padding:8px;">ThumbGate</th>
+        <th style="text-align:center;padding:8px;">Mem0</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr><td style="padding:8px;">Cross-session memory</td><td style="text-align:center;">Yes (local-first)</td><td style="text-align:center;">Yes (cloud)</td></tr>
+      <tr><td style="padding:8px;">Pre-action gate enforcement</td><td style="text-align:center;">Yes</td><td style="text-align:center;">No</td></tr>
+      <tr><td style="padding:8px;">Thumbs-up/down feedback</td><td style="text-align:center;">Yes</td><td style="text-align:center;">No</td></tr>
+      <tr><td style="padding:8px;">Prevention rule generation</td><td style="text-align:center;">Automatic</td><td style="text-align:center;">No</td></tr>
+      <tr><td style="padding:8px;">Multi-agent support</td><td style="text-align:center;">6 agents</td><td style="text-align:center;">API-based</td></tr>
+      <tr><td style="padding:8px;">Local-first / no cloud required</td><td style="text-align:center;">Yes</td><td style="text-align:center;">No</td></tr>
+      <tr><td style="padding:8px;">Thompson Sampling scoring</td><td style="text-align:center;">Yes</td><td style="text-align:center;">No</td></tr>
+      <tr><td style="padding:8px;">Verification evidence</td><td style="text-align:center;">Yes</td><td style="text-align:center;">No</td></tr>
+    </tbody>
+  </table>
+
+  <div class="callout">
+    <strong>The upgrade path:</strong> Buyers often start with memory tooling and only later realize they also need enforcement. ThumbGate makes that upgrade path explicit: keep memory, add gates.
+  </div>
+
+  <h2>Install ThumbGate</h2>
+  <pre><code>npx thumbgate init --agent claude-code</code></pre>
+  <p>Works with Claude Code, Cursor, Codex, Gemini, Amp, and OpenCode.</p>
+
+  <h2>Frequently Asked Questions</h2>
+  <h3>Does ThumbGate still include memory?</h3>
+  <p>Yes. ThumbGate keeps local-first memory, ContextFS packs, lesson search, and recall, but adds pre-action enforcement when memory alone is insufficient.</p>
+
+  <h3>Why compare Mem0 at all?</h3>
+  <p>Because buyers often start with memory tooling and only later realize they also need enforcement. This page makes that upgrade path explicit.</p>
+
+  <h3>Is Mem0 bad?</h3>
+  <p>No. Mem0 is useful when you mainly need retrieval and cross-session context. ThumbGate is useful when retrieval alone is not enough and the system has to stop the same mistake before execution.</p>
+
+  <h3>Can I migrate from Mem0 to ThumbGate?</h3>
+  <p>ThumbGate does not require migrating away from Mem0. You can add ThumbGate as the enforcement layer while keeping any existing memory system for retrieval.</p>
+
+  <h3>Does ThumbGate require a cloud account?</h3>
+  <p>No. ThumbGate is local-first with SQLite+FTS5 storage. No cloud account, no API keys needed to capture feedback and enforce pre-action gates.</p>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Pro for operators, Team for governance</h2>
+    <p>Start free with local gates. Pro is $19/mo or $149/yr for the personal dashboard and exports. Team rollout anchors at $99/seat/mo when shared lessons and org visibility matter.</p>
+    <div class="cta-install">$ npx thumbgate init</div>
+    <p style="margin-top:8px;"><a href="/pro">See Pro and Team pricing &rarr;</a></p>
+  </div>
+
+  <div class="related">
+    <h3>Related</h3>
+    <a href="/compare/speclock">ThumbGate vs SpecLock &rarr;</a>
+    <a href="/guides/claude-code-prevent-repeated-mistakes">Claude Code Feedback Memory &rarr;</a>
+    <a href="/guides/pre-action-gates">What Are Pre-Action Gates? &rarr;</a>
+    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+  </div>
+</div>
+
+<div class="sticky-cta">
+  <span style="color:var(--muted)">Try it now:</span>
+  <code>npx thumbgate init</code>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+</div>
+</body>
+</html>

package/public/compare/speclock.html

@@ -0,0 +1,180 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>ThumbGate vs SpecLock | Thumbs Feedback vs Manual Specs</title>
+<script defer data-domain="thumbgate-production.up.railway.app" src="https://plausible.io/js/script.js"></script>
+<meta name="description" content="SpecLock starts from manually written constraints. ThumbGate starts from thumbs-up/down feedback and turns it into pre-action gates that block repeated mistakes.">
+<meta name="keywords" content="ThumbGate vs SpecLock, SpecLock alternative, AI agent guardrails comparison, pre-action gates, feedback enforcement">
+<meta property="og:title" content="ThumbGate vs SpecLock">
+<meta property="og:description" content="SpecLock starts from manually written constraints. ThumbGate starts from thumbs-up/down feedback and turns it into pre-action gates that block repeated mistakes.">
+<meta property="og:type" content="article">
+<meta property="og:url" content="https://thumbgate-production.up.railway.app/compare/speclock">
+<link rel="canonical" href="https://thumbgate-production.up.railway.app/compare/speclock">
+<link rel="llm-context" href="/public/llm-context.md" type="text/markdown">
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "TechArticle",
+  "headline": "ThumbGate vs SpecLock — Thumbs Feedback vs Manual Specs",
+  "description": "SpecLock starts from manually written constraints. ThumbGate starts from thumbs-up/down feedback and turns it into pre-action gates that block repeated mistakes.",
+  "author": {
+    "@type": "Person",
+    "name": "Igor Ganapolsky",
+    "url": "https://github.com/IgorGanapolsky"
+  },
+  "publisher": {
+    "@type": "Organization",
+    "name": "ThumbGate",
+    "url": "https://thumbgate-production.up.railway.app"
+  },
+  "datePublished": "2026-04-09",
+  "dateModified": "2026-04-09",
+  "mainEntityOfPage": "https://thumbgate-production.up.railway.app/compare/speclock",
+  "about": [
+    {"@type": "Thing", "name": "ThumbGate vs SpecLock"},
+    {"@type": "Thing", "name": "AI agent guardrails comparison"},
+    {"@type": "Thing", "name": "pre-action gates"}
+  ]
+}
+</script>
+
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "FAQPage",
+  "mainEntity": [
+    {
+      "@type": "Question",
+      "name": "Is ThumbGate trying to replace specs?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "No. ThumbGate complements specs by capturing thumbs-up/down feedback from live agent behavior and enforcing the learned rules as pre-action gates."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "What does ThumbGate do that SpecLock does not?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "ThumbGate turns explicit feedback into searchable memory, auto-generated prevention rules, and runtime gates that block repeated mistakes before the next tool call executes."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Can I use ThumbGate and SpecLock together?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "Yes. SpecLock can handle upfront spec enforcement while ThumbGate handles the emergent failures that specs did not anticipate, using thumbs-up/down feedback to learn and enforce new rules."
+      }
+    },
+    {
+      "@type": "Question",
+      "name": "Which tool is better for fast-moving teams?",
+      "acceptedAnswer": {
+        "@type": "Answer",
+        "text": "ThumbGate is better for fast-moving agent workflows where the problem is not writing more specs, but preventing the same mistake from happening again tomorrow."
+      }
+    }
+  ]
+}
+</script>
+
+<link rel="stylesheet" href="/learn/learn.css">
+</head>
+<body>
+
+<nav>
+  <a href="/" class="brand">ThumbGate</a>
+  <a href="/guide">Setup Guide</a>
+  <a href="/learn">Learn</a>
+  <a href="/dashboard">Dashboard</a>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub</a>
+</nav>
+
+<div class="container">
+  <div class="breadcrumb"><a href="/learn">Learn</a> / <a href="/compare/speclock">Compare</a> / ThumbGate vs SpecLock</div>
+  <h1>ThumbGate vs SpecLock</h1>
+  <p style="color:var(--muted);">3 min read &middot; Bottom-of-funnel comparison for buyers choosing between feedback enforcement and manual specs</p>
+
+  <div class="tldr"><strong>TL;DR:</strong> SpecLock starts from manually written constraints. ThumbGate starts from thumbs-up/down feedback and turns it into pre-action gates that block repeated mistakes.</div>
+
+  <h2>The product difference in one sentence</h2>
+  <p>SpecLock helps a team codify rules before the work begins. ThumbGate helps a team convert real thumbs-up/down feedback into live pre-action gates after the work reveals what actually breaks.</p>
+  <p>That means ThumbGate is better for fast-moving agent workflows where the problem is not writing more specs, but preventing the same mistake from happening again tomorrow.</p>
+
+  <table style="width:100%;border-collapse:collapse;margin:1.5rem 0;">
+    <thead>
+      <tr style="border-bottom:2px solid var(--border, #333);">
+        <th style="text-align:left;padding:8px;">Capability</th>
+        <th style="text-align:center;padding:8px;">ThumbGate</th>
+        <th style="text-align:center;padding:8px;">SpecLock</th>
+      </tr>
+    </thead>
+    <tbody>
+      <tr><td style="padding:8px;">Feedback-driven learning</td><td style="text-align:center;">Yes</td><td style="text-align:center;">No</td></tr>
+      <tr><td style="padding:8px;">Pre-action gate enforcement</td><td style="text-align:center;">Yes</td><td style="text-align:center;">Spec-based only</td></tr>
+      <tr><td style="padding:8px;">Thumbs-up/down capture</td><td style="text-align:center;">Yes</td><td style="text-align:center;">No</td></tr>
+      <tr><td style="padding:8px;">Multi-agent support</td><td style="text-align:center;">6 agents</td><td style="text-align:center;">Varies</td></tr>
+      <tr><td style="padding:8px;">Requires upfront spec writing</td><td style="text-align:center;">No</td><td style="text-align:center;">Yes</td></tr>
+      <tr><td style="padding:8px;">Thompson Sampling scoring</td><td style="text-align:center;">Yes</td><td style="text-align:center;">No</td></tr>
+      <tr><td style="padding:8px;">Verification evidence</td><td style="text-align:center;">Yes</td><td style="text-align:center;">Varies</td></tr>
+    </tbody>
+  </table>
+
+  <h2>Choose ThumbGate when</h2>
+  <ul>
+    <li>Your agent already repeats known mistakes and you need the block to happen before tool execution.</li>
+    <li>You want one feedback loop that supports both reinforcement from thumbs up and prevention from thumbs down.</li>
+    <li>You need proof assets, automation reports, and compatibility across multiple coding agents.</li>
+  </ul>
+
+  <h2>Choose SpecLock when</h2>
+  <ul>
+    <li>Your team already maintains strong PRDs or system specs and wants the model constrained against those artifacts.</li>
+    <li>Your primary problem is uncontrolled file edits, not a missing feedback-to-enforcement loop.</li>
+    <li>You are willing to invest in manual constraint authoring as part of the workflow.</li>
+  </ul>
+
+  <h2>Install ThumbGate</h2>
+  <pre><code>npx thumbgate init --agent claude-code</code></pre>
+  <p>Works with Claude Code, Cursor, Codex, Gemini, Amp, and OpenCode.</p>
+
+  <h2>Frequently Asked Questions</h2>
+  <h3>Is ThumbGate trying to replace specs?</h3>
+  <p>No. ThumbGate complements specs by capturing thumbs-up/down feedback from live agent behavior and enforcing the learned rules as pre-action gates.</p>
+
+  <h3>What does ThumbGate do that SpecLock does not?</h3>
+  <p>ThumbGate turns explicit feedback into searchable memory, auto-generated prevention rules, and runtime gates that block repeated mistakes before the next tool call executes.</p>
+
+  <h3>Can I use ThumbGate and SpecLock together?</h3>
+  <p>Yes. SpecLock can handle upfront spec enforcement while ThumbGate handles the emergent failures that specs did not anticipate, using thumbs-up/down feedback to learn and enforce new rules.</p>
+
+  <h3>Which tool is better for fast-moving teams?</h3>
+  <p>ThumbGate is better for fast-moving agent workflows where the problem is not writing more specs, but preventing the same mistake from happening again tomorrow.</p>
+
+  <div class="cta-box">
+    <h2 style="color:var(--text);font-size:1.3rem;margin:0 0 8px;">Pro for operators, Team for governance</h2>
+    <p>Start free with local gates. Pro is $19/mo or $149/yr for the personal dashboard and exports. Team rollout anchors at $99/seat/mo when shared lessons and org visibility matter.</p>
+    <div class="cta-install">$ npx thumbgate init</div>
+    <p style="margin-top:8px;"><a href="/pro">See Pro and Team pricing &rarr;</a></p>
+  </div>
+
+  <div class="related">
+    <h3>Related</h3>
+    <a href="/compare/mem0">ThumbGate vs Mem0 &rarr;</a>
+    <a href="/guides/pre-action-gates">What Are Pre-Action Gates? &rarr;</a>
+    <a href="/guides/stop-repeated-ai-agent-mistakes">Stop Repeated AI Agent Mistakes &rarr;</a>
+    <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+  </div>
+</div>
+
+<div class="sticky-cta">
+  <span style="color:var(--muted)">Try it now:</span>
+  <code>npx thumbgate init</code>
+  <a href="https://github.com/IgorGanapolsky/ThumbGate" target="_blank" rel="noopener">GitHub &rarr;</a>
+</div>
+</body>
+</html>