igorganapolsky/skills/agent-architect-kit
skills/agent-architect-kit/SKILL.md
# Agent Architect Kit ↔ ThumbGate Bridge **Status:** shipped 2026-04-21. Test-backed. CLI-automatable. Safe to recommend publicly. ## What this is [agent-architect-kit](https://github.com/ultrathink-art/agent-architect-kit) by @ultrathink-art is a CLAUDE.md + agent-role template kit that persists learnings as per-role markdown files (`agents/state/memory/<role>.md`). They solve the setup layer. ThumbGate solves the runtime-enforcement layer — PreToolUse hooks that actually block known-bad too
$ install --global
skillsauthnpx skillsauth add igorganapolsky/rlhf-feedback-loop skills/agent-architect-kitInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 22, 2026, 7:22 AM158.9s1 file scanned
SKILL.md
Agent Architect Kit ↔ ThumbGate Bridge
Status: shipped 2026-04-21. Test-backed. CLI-automatable. Safe to recommend publicly.
What this is
agent-architect-kit by @ultrathink-art is a CLAUDE.md + agent-role template kit that persists learnings as per-role markdown files (agents/state/memory/<role>.md). They solve the setup layer. ThumbGate solves the runtime-enforcement layer — PreToolUse hooks that actually block known-bad tool calls instead of hoping the agent reads its memory file.
The two stacks are complementary. A team running architect-kit graduates to ThumbGate when their markdown memory grows past the ~80-line ceiling their own memory-directive.md enforces, or when they want their operations meta-agent to do more than edit instructions — actually prevent the failing action.
This bridge turns that graduation into a one-shot command.
The bridge
What it does
scripts/integrations/architect-kit-memory-bridge.js walks an architect-kit memory directory, parses each per-role .md file, and emits one ThumbGate feedback entry per qualifying line:
| architect-kit section | → ThumbGate signal | notes |
|---|---|---|
| ## Mistakes | down with whatWentWrong | every entry becomes a thumbs-down lesson |
| ## Learnings | up with whatWorked | every entry becomes a thumbs-up memory |
| ## Stakeholder Feedback | up/down depending on keywords | "rejected", "broken", "wrong", "hate", etc. flip negative |
| ## Session Log | skipped | too granular to be useful in a searchable lesson DB |
Every ingested entry is tagged architect-kit, role:<name>, and the source section, so imports are auditable and rollbackable.
How to run it
Dry-run first (no writes, prints classification):
npm run integrations:architect-kit:import -- \
--dir=/path/to/agents/state/memory \
--dry-run --json
Real import (writes to ThumbGate feedback log):
npm run integrations:architect-kit:import -- \
--dir=/path/to/agents/state/memory
Single role (e.g. import only coder.md):
npm run integrations:architect-kit:import -- \
--dir=/path/to/agents/state/memory \
--role=coder
What you get after import
npm run feedback:stats # see new entries grouped by tag
npm run feedback:rules # regenerate prevention rules from the imported mistakes
The imported mistakes now feed the same pipeline as native ThumbGate feedback: lesson DB indexing, Thompson Sampling rollups, prevention-rule generation, and PreToolUse hook injection. The architect-kit operations agent's "edit the instructions" loop is now backed by hooks that can actually refuse a tool call.
Test proof
npm run test:architect-kit-memory-bridge
# 16 tests, 0 fail
Fixtures live in tests/fixtures/architect-kit-memory/ and mirror the exact format from architect-kit's memory-directive.md. The test-suite parity guard (tests/test-suite-parity.test.js) pins this test into the npm test chain — dropping the test accidentally now fails CI.
Positioning talking points (for outreach + docs)
- CLAUDE.md is the control plane. That's architect-kit's thesis and it's right. ThumbGate doesn't replace CLAUDE.md — it adds a runtime gate that enforces whatever CLAUDE.md says.
- Template memory → queryable memory. Per-role markdown files stop scaling past ~80 lines (architect-kit documents this limit themselves). ThumbGate's SQLite+FTS5+LanceDB store is what you migrate to when your memory deserves search.
- Operations becomes teeth, not talk. Their
operationsmeta-agent edits instructions. ThumbGate lets operations also register prevention rules that PreToolUse hooks honor — the same loop, but the agent literally cannot skip it.
What NOT to do
- Do not re-import the same memory twice. Architect-kit memory has no stable entry IDs; repeated imports duplicate lessons. Prune the source file (their own directive says to) before re-running, or run dry-run + diff first.
- Do not import the
Session Logsection. The bridge skips it deliberately. Session log entries are ephemeral task receipts, not lessons. - Do not assume operations-role edits propagate automatically. The architect-kit operations agent edits markdown instruction files; ThumbGate's prevention rules are regenerated by
npm run feedback:rules. Wire that into your Ralph Loop (or theirs) if you want continuous re-derivation.
Files added/touched by this integration
scripts/integrations/architect-kit-memory-bridge.js— parser + importer + CLItests/architect-kit-memory-bridge.test.js— 16 unit teststests/fixtures/architect-kit-memory/{coder,qa}.md— fixtures matching their formatpackage.json— newtest:architect-kit-memory-bridgeandintegrations:architect-kit:importscripts, chained intonpm testskills/agent-architect-kit/SKILL.md— this doc
When to reach back out to @ultrathink-art
If they ship stable entry IDs in their memory format, upgrade the bridge to do incremental imports (skip already-seen entries). Until then, treat this as a one-shot migration tool, not a sync daemon.
Related Skills
igorganapolsky/thumbgate-rules
tools
VerifiedTrustedCommunity
List the active ThumbGate prevention rules, reliability rules, and the promoted lessons behind them, so the user can see which guardrails are currently protecting this project and WHY each one exists. Reads the live rule and lesson stores via the prevention_rules, get_reliability_rules, and search_lessons MCP tools (CLI fallback `npx thumbgate rules`). Use when the user says "what is ThumbGate protecting me from", "show my rules", "show my gates", "what has the agent learned", "list active guardrails", or "what's blocked here". Do NOT use to CREATE a new rule (use the thumbgate-guard skill), to see runtime enforcement counts of what actually fired (use the thumbgate-blocked skill), or to diagnose whether ThumbGate is wired up at all (use the thumbgate-doctor skill).
23SKILL.mdUpdated Jun 12, 2026
igorganapolsky/thumbgate-protect
tools
VerifiedTrustedCommunity
Inspect this repo's branch and release governance (protected branches, release rules, protected-file globs) and, only when the user explicitly approves, grant a scoped, time-limited exception so a protected-file edit or publish can proceed under audit. Reads posture via the get_branch_governance MCP tool and records a narrow, expiring approval via the approve_protected_action MCP tool. Use when the user says "is main protected", "show branch governance", "what am I blocked from editing", "approve this protected change", or "let me edit a protected file just this once". Do NOT use to disable protection wholesale, to grant broad or standing exceptions, or to diagnose hook wiring (use the thumbgate-doctor skill) — this skill is for narrow, temporary, audited approvals only.
23SKILL.mdUpdated Jun 12, 2026
igorganapolsky/thumbgate-guard
tools
VerifiedTrustedCommunity
Turn the agent's most recent mistake into an enforced ThumbGate prevention rule (a PreToolUse block gate) so the same bad tool call is intercepted before it runs again, in this and every future session across Claude Code, Cursor, Codex, Gemini, Amp, and Cline. Captures the failure with the capture_feedback MCP tool, then force-promotes it via `npx thumbgate force-gate` so it is enforced, not just logged. Use when the user says "guard against this", "block this from happening again", "never do that again", "make that a rule", "stop the agent from repeating that", or right after a bad action or thumbs-down that should become a hard rule. Do NOT use to merely log a thumbs-up/down without enforcement (use the thumbgate-feedback skill), to recall prior context before starting work (use the Agent Memory skill), or to list rules that already exist (use the thumbgate-rules skill).
23SKILL.mdUpdated Jun 12, 2026
igorganapolsky/thumbgate-doctor
tools
VerifiedTrustedCommunity
Health-check whether ThumbGate is actually wired into this agent — PreToolUse/SessionStart hooks installed, MCP server reachable, lesson store present, statusline, and overall agent-readiness — then report exactly what to fix. Runs the existing `npx thumbgate doctor` audit and the check_operational_integrity MCP tool. Use when the user says "is ThumbGate wired up", "thumbgate doctor", "check my guardrails are installed", "why aren't my gates firing", "is the MCP server connected", or "agent readiness". Do NOT use to view rules (use the thumbgate-rules skill), to view what was blocked (use the thumbgate-blocked skill), or to capture a new rule (use the thumbgate-guard skill) — this skill only diagnoses setup and wiring.
23SKILL.mdUpdated Jun 12, 2026